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BET ON IP TELEPHONY 


Struggling provider set to launch managed 
service; analysts see its timing as risky 


LAN desktops earlier this year. | 
It will now combine those ser- 
vices with the ability to make | 
| all telephone calls over its data 
| network. This comprehensive 
WorldCom’s frame-relay, Asyn- | IP telephony service will be 
chronous Transfer Mode and IP | pitched as a replacement for | 
networks. Customers will be | companies’ traditional circuit- 
given the choice of slowly mi- | switched networks. 
vice based on IP telephony that | grating to a full voice/data/ While WorldCom declined 
will enable compa- — video IP network, | to comment about such a ser- | 
nies to replace their ON THE BRINK or buying some- | vice in advance of an official 
traditional public thing along the lines | announcement, a source at the 

. WorldCom may be ready to aa 
switched telephone  fijg jo, bankruptcy protection of an old-style Ma | company said it’s already sell- | 
networks, Comput-  @ quickLink: 31534 Bell service in| ing the service at the enter- 
erworld has learned. pistes insananate com which WorldCom | prise level and the full offering | 

According to in- will lease all the | will be released in September. 
ternal WorldCom documents ais needed equipment to the user The timing is interesting, 
obtained by Computerworld, | and route all the call traffic. | given that WorldCom is em- | 
the vendor is training its sales WorldCom launched WAN | broiled in a financial disaster 
force to sell a managed IP tele- | support for voice over IP calls | following revelations that it ar- | 
phony service that will run over tificially inflated revenue state- 


in 2001 and added VOIP to 
ments to woo investors. Ana- 
WINDOWS GETS lysts question whether the ven- 


dor can launch and support | 
such a service as it teeters on | 
Public, private sectors 
in collaborative effort 


BY MICHAEL MEEHAN 
Embattled telecommunications 
provider WorldCom Inc. is pre- 
paring to roll out a turnkey ser- 








White House recognition. And 
this support has made the 
benchmark’s creators hopeful 
that it could ultimately give pri- | 
vate- and public-sector users 
more leverage with vendors. 
What makes this particular 
benchmark unique is the cast 
of characters behind it. The 
major U.S. government agen- 
cies that deal with IT and secu- 
rity, such as the National Secu- ; = = 
rity Agency, the Defense Infor- 
mation Systems Agency and 
the General Services Adminis- 
tration, had a hand in crafting 
the benchmark, as did the Cen- 


It’s one of the gaping holes in project management: 

IT professionals and their business constituents rarely agree on the 
scope or goals of a project. That's why a growing number of companies 
outside the U.S. are adopting so-called extreme project management 
The methodology, which grew out of the extreme programming 
movement, forces project managers to leave the technology decisions to 
the tech team so they can focus on managing external stakeholders. 
Story begins on page 38. 
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the brink of bankruptcy. 


BY PATRICK THIBODEAU 
WASHINGTON 

Security benchmarks for oper- 
ating systems are typically ar- 
cane measures that get little 
public attention. But last 
week’s release of a security 
benchmark for Windows 2000 


| uary after spending 32 years at 


MICROSOFT EYES SUPPORT CHANGES = =: 


|  Microsoft’s Premier Support 
at Mi- | option, which is used by many 


of worldwide services 


Professional drew broad gov- 
ernment 
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backing, including 


ter for Internet Security, a non- 
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Licensing lessons spur 
alterations to program 


| BY CAROL SLIWA 


Microsoft Corp. is plotting 
changes to its Premier Support 
option and weighing a plan to 
package support services with 


} its volume licensing programs, 


a company executive disclosed 
to Computerworld last week. 
Mike Sinneck, vice president 





crosoft, said lessons the com- 
pany learned while introduc- 


| ing its controversial volume- | 


licensing programs served as a 
“very large catalyst” for the | 
support service changes that | 
are now under discussion. 
“Licensing created a large | 
need to come to grips with | 
what we need to change about 
our approach,” said Sinneck, | 
who joined Microsoft in Jan- | 


midsize and large businesses, 


| will be refreshed to “add more 


value for the existing cus- 
tomers for the same money,” 
Sinneck said. 

Less clear is the level of sup- 
port that Microsoft will bundle 
into the volume-licensing pro- 
gram it introduced 14 months 
ago. A key enrollment deadline 
for that program is July 31. 

Licensing, page 16 
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1 your software help keep your business up and running no matter what? 


Your company’s infrastructure is far too important to risk. That’s why our full range of business continuity solutions ensures you're 
able to handle anything. BrightStor™ storage solutions provide the most comprehensive data backup and recovery. eTrust™ security 
solutions provide total protection for your entire enterprise, not just pieces. And Unicenter infrastructure software keeps your whole 
business up and running 24 x7. As your business grows and becomes more complex, you need software solutions you can rely on. 


You may still not know what’s coming. But you will know you're prepared. ca.com/continuity 
y y' y' 


Business Continuity Solutions Computer Associates™ 


© 2002 Computer Associates International, Inc. (CA). All rights reserved 





ONLY THE STRONG SURVIVE 


Researchers such as Melanie 
Mitchell (left) are develop- 


ing ways to compute that 
look a lot like evolution. 
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NEWS 6 


6 HP is dropping out of the 
middleware market to focus on 
OpenView and other data center 
management products. 


7 Most administrators fail to 
patch systems for known vulnera- 
bilities, despite increased aware- 
ness of the risks, say hackers. 


8 Intel, IBM and three top cellular 
carriers join forces to expand wire- 
less LAN coverage. 


10 The White House unveiled 
the guiding principles for a cross- 
agency IT integration plan in the 
Office of Homeland Security last 
week. 


16 Microsoft renewed its financial 
and philosophical commitment to 
its extensive partner community at 
the company’s Fusion 2002 event. 


BREAKING NEWS 


For breaking news, updated twice daily, visit 


e QuickLink: a1510 
www.computerworld.com 





OFF-PEAK PORTAL 


A Web-based portal is help- 
ing Puget Sound Energy’s 
customers save money by 
switching to off-peak gas 
and electricity usage. The 
upshot: The Internet self- 


RESIDENTIAL TIME OF DAY RATE CHART 


vENIN 


service system has helped Puget reduce its workforce, and the utility antic- 
ipates a nine-year return on its $45 million investment through lowered 


costs and increased revenue. PAGE 40 
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TECHNOLOGY © 27 


27 Nicholas Petreley offers a 
quick and inexpensive way to 
block unwanted Internet content. 


30 Building Web services 
requires a service-oriented archi- 
tecture, clean XML data and well- 
defined business processes. Com- 
panies are now laying these foun- 
dations for success. 


32 Johnson Controls integrates 
applications from outside suppliers 
using a collaboration exchange 
through its corporate portal. 


35 QuickStudy: Unified messaging 
is the term for a system used to ac- 
cess e-mail, voice and fax mes- 
sages through a single common in- 
terface. Learn more in this week’s 
primer. 


36 Security Manager’s Journal: 
Mathias Thurman fine-tunes his 
company’s intrusion-detection sys- 
tem to reduce false alarms — and 
his workload. 


MANAGEMENT 37 


37 John Berry writes that when 
seeking approval for IT invest- 
ments, technology professionals 
should be as interested in when to 
measure as in how to measure. 


38 Extreme project management 
is a relatively new approach that’s 
aimed at forcing project leaders to 
focus on goals and get business end 
users fully engaged. 


44 Realistic RO! calculations 
require a proper governance sys- 
tem and procedures so business 
leaders can ask the right questions 
and continuously revisit them. 


46 Regional CTO clubs are pop- 
ping up around the U.S. as meeting 
places for wannabe and current 
chief technology officers to share 
their experiences. 


47 Career Adviser Fran Quittel 
counsels a business analyst who 
wants to work on an e-commerce 
initiative. 
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Patricia Keefe questions IT 
managers’ faith in struggling blue- 
chip vendors and suggests ways to 
protect data center operations 
when big suppliers burn out. 


Pimm Fox encounters an ideal 
way to use business intelligence in 
a distributed environment at an 
affiliate of Hyatt Corp. 


Paul Donnelly says that we 
should call the H-1B visa what it re- 
ally is: a government subsidy to 
business that runs counter to the 
interests of U.S. workers. 


Frank Hayes argues that secu- 
rity concerns won't entice users to 
purchase pricey configuration 
management tools. But those who 
need the most efficient software 
are the most likely buyers. 


Editorial/Letters 
How to Contact CW 
Company Index 
Shark Tank 
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NINE TIPS OF NOTE 


Planning to implement Web ser 
vices? Head online for a checklist 
of points to consider. 


QuickLink: 31366 


NEWS STRAIGHT T0 


YOUR IN-BOX 


Be sure not to miss any of the news 
you need, by signing up for our free 
daily and weekly e-mail newslet 
ters. You can get the latest news 
headlines and Shark ‘Tank delivered 
daily, as well as weekly newsletters 
on more than 20 subjects. 


QuickLink: a1430 


TOO MUCH XML 
OVERHEAD? 


Is the flexibility that XML offers 
coming at too high a cost in terms 
of the required overhead? Some 
online community members 
worry that XML usage will eat 

up too much storage space. 
What's your view? 


QuickLink: a2330 


WHAT'S ? 
A QUICKLINK? 
e On some pages in this issue 

you'll see a QuickLink code 
pointing to additional, related con 
tent on our Web site. Just enter that 
code into our QuickLink box online 
which you'll see at the top of each 
page on our site. 


Use QuickLinks to see related sto 
ries, discussion forums, research 
links, archives and more. 
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FDIC Criticized on 

IT Security Policies 

The Federal Deposit Insurance Corp. 
(FDIC) was faulted by the U.S. Gen- 
eral Accounting Office for systems 
access policies that give hundreds 
of end users privileges they don’t 
need, such as the ability to modify 
financial software and read, change 
and copy financial data. The FDIC 


said the GAO's findings will help 
improve its IT security. 


IBM Slims Cabling 
For Intel Servers 


IBM announced connectivity tech- 
nology that it said will let IT man- 
agers tie together up to 256 of its 
Intel-based xSeries servers while 
using fewer switches and much 
less cabling than is needed now. 
The Advanced Connectivity Tech- 
nology offering uses Category 5 
cables to daisy-chain groups of 

16 rack-mounted servers and sup- 
ports remote systems management. 
Pricing starts at $1,300, IBM said. 


Services Firm SBI 
To Buy Lante, Scient 


IT services firm SBI and Co. in Salt 
Lake City reached an agreement to 
acquire Lante Corp., a consulting 
firm in Chicago, for about $40 mil- 
lion in cash. The deal is expected to 
close this quarter. Earlier last week, 
SBI announced a deal to buy some 
of the assets of Scient Inc., a Web 
consulting firm in New York that 
filed for bankruptcy protection. 


Movie Studio Buys 
600 Workstations 


Intel Corp. today plans to announce 
that Industrial Light & Magic, the 
visual effects division of San Rafael, 
Calif.-based movie studio Lucas 
Digital Ltd., has bought 600 Pen- 
tium 4-based workstations for use 
in animation applications. Intel de- 
clined to identify the hardware ven- 
dor that’s supplying the systems. 





HP Confirms Exit of Middlewa 


NEWS 


Sets plan to drop app server, shift focus to 


OpenView and other management tools | 


BY JAIKUMAR VIJAYAN 


| As expected, Hewlett-Packard 


Co. last week said that it will 
discontinue selling its Java- 
based Netaction Application 
Server software and its Web 


| Services middleware suite. 


The company plans instead 


to increase its focus on and in- | 
| vestment in its HP OpenView, 


HP Utility Data Center and HP 
Opencall software suites. 
The idea is to “leverage and 


| add value” in areas where the 


company already has assets, 


experience and leadership, said | 


Nora Denzel, general manager 


| of HP’s software division, in a 
| statement. 


HP said it will continue 


| to develop products in the 


Web services management and 


| business activity management 


spaces. But it will rely on part- 


| ners to deliver the application 
| server and other pieces of the 


middleware stack 
To that end, the company re- 


cently announced a partner- | 


ship with BEA Systems Inc., 
whose WebLogic application 


| server package shares the top 


spot in the market with IBM’s 
WebSphere. 

BEA and HP plan to jointly 
market, sell and deliver inte- 
grated application server soft- 


| ware, hardware and services 
| across all HP operating sys- | 
| tems. HP said it intends to pur- 

| sue similar partnerships to de- 

| liver other middleware pieces. 


| Consequences for Customers 


HP’s decision to withdraw 


| from the middleware market 
| Came as no surprise. The com- | 


pany has said for some time 


| that it was reassessing its mid- | 
dleware portfolio and hinted | 

| last month that it was mulling 

| a pullout 


from the 
{QuickLink: 30405]. 


“bad news for us,” said Vince 


| Hunt, an executive vice presi- 
| dent at 


Altura International 
Inc., a Monterey, Calif.-based 


company that builds online 


market | 


| 
| 





shopping malls for customers 
such as Sunnyvale, Calif.-based 
Yahoo Inc. 

HP’s Netaction Application 


Server is a core part of Altura’s | 


software stack, and Hunt said 
that the vendor’s decision to 
withdraw it from the market 
will force his company to 
migrate to another application 
server product. 

“We saw the handwriting on 


the wall nine months ago when 


the HP/Compaq merger was 
under way, and we’ve been de- 
veloping our own application 


server since then,” Hunt said. | 


“Unfortunately, it looks like we 
will have to migrate to it faster 





re Market 


than we had hoped to.” 

HP’s decision runs some- 
what counter to the strategies 
being followed by rivals IBM 
and Sun Microsystems Inc., 
both of which are trying to add 
value by focusing heavily on 
their own middleware and ap- 
plication server capabilities, 
said Joyce Becknell, an analyst 
at The Sageza Group Inc. in 
Mountain View, Calif. 

“On the one hand, it is a little 
bit surprising that HP would 
want to walk away from this 
space,” Becknell said. 

But given the dominance of 


IBM and BEA in the applica- | 


tion server market, HP proba- 
bly figured that it would make 
more sense to simply partner 


with San Jose-based BEA than 


to spend the time and effort 
attempting to carve out its own 


Unisys Pursues High-End 
Market With Intel Servers 


Itanium 2 systems 
aim for data centers 


| BY JAIKUMAR VIJAYAN 

| The slow adoption rate being 
predicted for Intel Corp.’s | 
recently introduced 64-bit Ita- | 


nium 2 chip isn’t stopping 
some companies from rolling 
out high-end corporate sys- 
tems based on the technology. 
Blue Bell, Pa.-based Unisys 
Corp. last week introduced 
two Itanium 2 servers that it 
says deliver mainframe-class 
performance at a lower cost. 
The new Unisys Aries and 
Orion servers add to the com- 
pany’s ES7000 line of highly 
scalable Intel-based systems. 


lets 
users partition a multiproces- 
sor Intel server into multiple, 
smaller boxes and run mixed 
Unix and Windows workloads 
on the machine. 

The 32-processor Orion se- 


| The servers are built around | 
Unisys’ Cellular Multi-Process- | 
| ing architecture, which 
Still, the announcement is | 





ries is the higher end of the 
two server lines announced 
by Unisys and comes with 
high-availability features such 


| as redundant memory, proces- 


sor and management consoles, 
and two isolated power and 
cooling systems. The Orion 


series is tuned to compete in | 


s 4 
Unisys’ Systems 
ES7000 ORION 130 
= Up to 32 Itanium 2 processors 
in two independent domains of 
16 processors 


= Up to 64GB of memory per 
domain 


= Up to 64 internal |/0 slots 


= Features Server Sentinel plat- 
form management software 


Seow ereeseseereseeseesesees 


ES7000 ARIES 130 

= Up to 16 Itanium 2 processors 
mUpto646Botmemory 
=Up to 161/O slots 

= Features Server Sentinel plat- 
form management 
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three areas; 


niche, Becknell added. 

HP, which will continue to 
support its discontinued mid- 
dleware for another three years, 
said it will provide transition 
program details for customers 
by Sept. 15.3 


the traditional high-end Unix 
server market against products 
such as IBM’s pSeries servers 
and Sun Microsystems Inc.’s 
UltraSPARC II-based systems, 


said Mark Feverston, a senior 
| 


vice president in Unisys’ enter- 
prise server group. 

“The performance is much 
better than first-generation Ita- 
nium and is very competitive 
with RISC processors from 


| IBM and Sun,” said Richard 


Fichera, an analyst at Giga In- 
formation Group Inc. in Cam- 
bridge, Mass. 

Pricing for the Orion server 
starts at about $140,000 and 
tops out at less than $800,000 
for a fully configured system — 
considerably less than the 
$1 million or more that high-end 
Unix servers from other ven- 
dors cost, according to analysts. 

“This 64-bit platform is truly 
a step above Intel’s first Itani- 
um. I think it at least equals or 
betters the offerings on the 
Unix side,” said George Narr, 
CIO at PolyMedica Corp., a 
Woburn, Mass.-based medical 
products and services firm. 

PolyMedica will be taking 
delivery of a new Orion server 
shortly and is hoping to get 
at least a 40% performance 
boost over its current ES7000 
servers, Narr said. D 
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NEWS 


Corporate America 
Is Lazy, Say Hackers 


Vandalism of USA Today site a warning | 


BY DAN VERTON 
HEN A group 
of Web van- 
dals hacked 
into USA To- 
day’s Web 
site July ll and inserted false 
news stories, the Internet se- 
curity community got a taste of 
how serious Web page deface- 
ments can be. 
While most security profes- 
sionals consider Web page de- 


facements nothing more than a | 


nuisance, hackers and analysts 
said the newspaper got off 
easy. Subtle changes to the site 
could have been much more 


Survey Finds Sites 


According to a recent study, corpo- 
rate risk management policies are 
rarely being applied to Web assets, 
which can lead to problems such as 
those experienced by USA Today 
earlier this month. 


damaging, they said. In addi- 
tion, the hack demonstrates 


Web sites as a result of poor 
administration. 

Although the defacement led 
to only minor downtime for 
USA Today’s Web site, compa- 
nies should fear the economic 
ramifications of such hacks, 
said Peggy Weigle, 
Sanctum Inc., a security con- 
sultancy in Santa Clara, Calif. 

“Imagine a press release be- 
ing posted that says the CEO 
and CFO are resigning due to 
undisclosed ethical or finan- 
cial concerns. The stock price 


Lack Risk Policies 

| Watchfire Corp., a Web manage- 
ment firm in Lexington, Mass., and 
Hewlett-Packard Co. last week re- 
leased the results of a survey that 
asked IT managers and business 
executives at 600 companies of all 





the continued vulnerability of 


CEO of 





would likely plummet immedi- 
ately,” said Weigle. Companies 


should always audit Web appli- | 


cations before “taking them 
live” on the Internet, she said. 


Hackers Find Open Doors 


that 90% of all attacks stem 
from poor configuration and 


administrators that do not con- | 
sistently update the software | 


they use,” said EPiC, the leader 
of a white hat hacker group 
known as Hack3r.com. 


A hacker who goes by the | 


nickname Hackah Jak agreed. “I 


can in minutes code a scanner | 
for 2-year- | 
he | 


to scan the Internet 
old known vulnerabilities,” 
said. “I’ve hit a lot of worksta- 


sizes about their companies’ Web 
site risk management policies and 
practices. The survey found that: 

@ More than 80% of respon- 
dents ranked Web site security as 
the most critical issue, followed by 
privacy and accessibility. 

# Most organizations’ risk man- 
agement policies and practices 





Aspelle Aims to Give Remote 
Workers Secure App Access 


Start-up’s software 
opens up systems 
to browser users 


BY JAIKUMAR VIJAYAN 

New York-based start-up As- 
pelle Ltd. this week will formal- 
ly launch a software package 
aimed at letting remote work- 
ers securely access all of their 
companies’ Web or host-based 
applications from anywhere, 
using just a browser. 

Called Aspelle Everywhere, 
the software was originally de- 
veloped for internal use by in- 
vestment banking firm Dresd- 
ner Kleinwort Wasserstein with 


| help from Microsoft Corp. New 
York-based Dresdner decided 
to spin the technology off into 
a commercial product and As- 
pelle now operates as an inde- 
| pendent company. 

What separates the technol- 
ogy from others in its category 
is its ease of implementation 
and the wide range of applica- 
tions and services that can be 
remotely accessed with it, said 


of technology at Aspelle. 
Remote users who want ac- 
cess to enterprise applications 
simply log on to a portal site. 
They’re authenticated there and 
then passed on to another Web 
page, where they are presented 





| vide 


Simon Johnson, vice president | 
| user via Seattle-based WRQ | 





with the applications they’re 
authorized to use. 

Other vendors, such as Neo- 
teris Inc. 
‘'arantella Inc. in 
Calif., offer vary- 


their products from the ground 
up to provide both secure ac- 
cess and remote connectivity, 
said Sally Hudson, an analyst 
at IDC in Framingham, Mass. 
Aspelle Everywhere uses 
Windows Terminal 
and Citrix Systems 
MetaFrame software to 
remote access 
cations are presented to the 


or software 
Fla.- 


Inc.’s Reflection 


from Fort Lauderdale, 


| based Citrix. Applications run- | 
| 


ning on systems such as main- 
frames and IBM AS/400s (now 
called iSeries servers) are ac- 





in Mountain View, | 
| Calif., and T 
| Santa Cruz, 
| ing degrees of the same capa- 
| bility, but few have designed 


Services | 
Inc.’s | 
pro- | 
to Win- | 
| dows applications. Unix appli- 


tions this way and then worked 


my way through the network to | 
the server.” 


A hacker nicknamed RaFa 


| was the leader of the World of | 
Hell defacement group, which | 
| racked up thousands of Web 
dis- | 
banding last year. He said that | 


site defacements before 


in addition to making simple 
configuration mistakes, most 


| administrators don’t keep up 
| with the updates and patches 
| released by software vendors. 

“We found in our auditing | 


“They don’t update services 
running on the system, and they 


set up permissions and software | 


settings the wrong way on the 
Web server,” said RaFa. 
However, the real problem 
isn’t laziness; it’s trust, 
Genocide, the leader of 
Genocide2600 


tems are secure, he said. 


“That is their first and biggest | 


mistake,” Genocide said. D 


haven't kept pace with the burgeon- 
ing use of Web sites. 

@ Although companies are con- 
cerned about risk, some aren't clear 
as to what those risks are. 

= Many companies that are cog- 
nizant of the risks haven't yet com- 
mitted the resources to extend their 
corporate risk management program 


cessed using WRQ Reflection. 

Aspelle Everywhere 
128-bit Secure Sockets Layer 
(SSL) encryption to secure ac- 


uses 


cess. It supports a variety of | 


user authentication methods, 
including user names and pass- 
words, X.509-based digital cer- 


Everywhere 


# Provides secure remote access 
to enterprise applications. 

No client-side installation required 
companies just have to install some 
server-side software 

No firewall interference: All applica 
tions remain behind the enterprise's 
firewall, keeping only standard Inter- 


as ‘SSL X 509 digital certificates, 
RSA SecurlD, HTTP, HTTPS, 3270 
and 5250 emulation, and VT/Telnet 


Ways to Protect 
Web Content 


| Flare no ga 


DEPLOY digital rights 
management software. 


SUBSCRIBE to automated 
security/patch notification 
services for the software ven- 
dors you do business with. 





said | 
the | 
hacker group. | 
Most administrators and man- | 
agers simply trust that their sys- | 


| tificates 


AUDIT Web server configu- 
rations, applications, guest 
accounts and user permis- 
sions before going live. 
CONSIDER content man- 
agement software that offers 


digital hashing of HTML 
documents and images. 


SOURCES: BILL MALIN, AN ANALYST AT 
KPMG LLP IN STAMFORD, CONN... AND 
KEITH MORGAN, CHIEF OF INFORMATION 
Smeinere AT TERRADON 

iS GROUP LLC IN NITRO. W.VA. 


to the corporate Web site. 

@ While organizations acknow- 
edge the need for security, the com- 
plexity of Web sites and the under- 
lying computing infrastructure (Web 
applications, servers and networks) 
makes it difficult to proactively iden- 
tify and fix security holes. 

~- Dan Verton 


and SecurID technol- 
ogy from RSA Security Inc. in 


| Bedford, Mass. 


An SSL-based technology like 
Aspelle’s “really fits the bill” 
) it comes to providing 
remote access to corporate 
e-mail applications and for 
file-sharing purposes, said Jeff 
Philips, an analyst at Tele- 
| Choice Inc. in Tulsa, Okla. 
Unlike virtual private net- 
| works (VPN) and other IPsec- 
| based remote access tools that 
| tie users to specific machines, 
| the SSL approach used by As- 
| pelle and Neoteris provides 
| more flexibility, he said. 
| “But it is unlikely that acom- 
| pany’s finance department will 
| send information back and 
| forth regarding its end-of-year 
| numbers SSL,” Philips 
| said. For that, it would likely 
rely on something like a VPN, 
| which provides more robust 
security, he added. D 


over 
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Intel, IBM Push for 


Public Wireless LAN 


Plans for nationwide Wi-Fi network 
being developed with cellular carriers 


BY BOB BREWIN 


NTEL CORP. AND IBM are 


using their technology 
and investment muscles 


to push the development | 


of a nationwide public- 
access wireless LAN. 


According to reports last | 


week, Intel, IBM and three of 
the nation’s largest 
carriers have begun discus- 
sions to form a separate com- 


cellular | 


pany that would provide na- | 


tionwide high-speed wireless 
data based on 


services 


the | 


802.l1b, or Wi-Fi, wireless LAN | 
standard. The effort is called | 


Project Rainbow. 


| be 
Rainbow talks include AT&T | 


Laura Anderson, a spokes- | 


woman for Intel Capital, Intel’s 
investment arm, declined to 
comment directly on Project 
Rainbow but said that the com- 


pany views the development of | 


a nationwide 
wireless LAN “as an interest- 


public-access | 


ing area.” She added that Intel 
Capital is considering invest- 
ments in “a couple of compa- 
nies that can put wireless 
LANs together to make them 
into a wireless WAN.” 


IBM, which also declined to | 


comment on Project Rainbow, 


already offers a product it calls | 


the Everywhere Wireless Gate- 
way, which lets users roam from 
cellular to wireless LANs. Ana- 


lysts said this is an essential ar- | 


chitectural element for any 
cellular company considering 
a move into wireless LANs. 


The cellular carriers said to 


involved in the Project 


Wireless Services Inc. in Red- | 
mond, Wash., Cingular Wire- | 


less in Atlanta and Verizon 
Wireless in Bedminster, N_J. 
All three declined to comment. 

But Mark Siegel, an AT&T 


spokesman, said 


Microsoft Plans Foray Into 
Home WLAN Device Market 


| ingham, Mass., has predicted 


Move could create 
security problems 
for corporate IT 


BY BOB BREWIN 


| that the installed base of wire- | 


| wireless 


Microsoft Corp.'s plan to enter | 
the consumer wireless LAN | 
market in the fall bodes ill for | 
IT managers concerned with | 


securing and managing their 
network access points, ana- 
lysts said last week. 


less LAN cards will reach 100 
million units by 2004. 

But widespread growth of 
the home and public-access 
LAN markets will 
only mean headaches for IT 
managers, who will likely en- 
counter more unauthorized 
and insecure access points set 
up without their knowledge by 


| employees, said Chris Kozup, 


According to Craig Mathias, 


an analyst at Farpoint Group in 
Ashland, Mass., Microsoft’s ar- 
rival will only add fuel to an ex- 
ploding market. IDC in Fram- 


| 
| 


an analyst at Meta Group Inc. 
in Stamford, Conn. In addition, 
he said users will have to 
scramble to integrate home 
and road wireless LAN use 
with corporate networks. 


Wi-Fi is | 


| viewed “as a complementary 
| technology for us, and we are 
| looking to see where it fits in.” 
Craig Mathias, an analyst at 
Farpoint Group in Ashland, 
Mass., said he has no doubt 
that one or more cellular carri- 
ers will launch 
public-access wireless LANs. 
“We could have as many as five 
networks,” he said. 


Welcome Additions 


the Wireless Ethernet Compat- 
| ibility Alliance, an industry 
trade group in Mountain View, 
Calf., said that large, 
heeled players are needed to 
| fully develop the pubic-access 
| wireless LAN market. 

“Right now, coverage is sort 
of spotty,” Eaton said, adding 
that the problem could be re- 





work backed by cellular carri- 
ers and equipment manufac- 
turers. Any such _ network 
would take at least two years to 
develop and deploy, he added. 
Intel Capital has already 


Microsoft posted some ini- 
tial information about its home 


| Web site this month but de- 


| until it introduces the 
has learned that the company 
plans to build the devices 
around chip sets manufactured 
| by Intersil Corp., in Irvine, 


Microsoft Home 
WLAN Hardware 


= Microsoft's WLAN products use 
the 802.11b chip set from Intersil 
and hardware manufactured by 


Accton Technology. 


point/router, PC card and USB 
adapter have been certified to 
meet Wi-Fi standards. 





nationwide | 


Dennis Eaton, chairman of | 


well- | 


solved by a nationwide net- | 


| wireless LAN hardware on its | 
: : | 
clined to provide more details 


products. But Computerworld | 


made investments in six wire- 
less LAN start-up companies, 
Anderson said, and it intends 
to continue making invest- 
ments in emerging wireless 
| technologies. Two of the com- 
panies, STSN Inc. in Salt Lake 
City and iPass Inc. in Redwood 
Shores, Calif., are focused on 
the public-access 
LAN market, Anderson said. 

IPass provides global, re- 
mote access to enterprises and 
currently offers its users ac- 
cess to 120,000 dial-up and ho- 
tel room Ethernet connections 
and 400 wireless LAN “hot 
spots” worldwide, according to 
spokesman John Sidline. 

When asked about Project 
Rainbow, Jon Russo, vice presi- 
dent for marketing at iPass, 
said he expects “larger compa- 
nies to join a market currently 
dominated by smaller start- 
ups, which are currently dri- 
ving growth in this industry.” 

Christian Gunning, a spokes- 
| man for Boingo Wireless Inc. 
in Santa Monica, Calif., which 
| offers public-access wireless 
LAN service in a few areas, 
said his company welcomes 
Project Rainbow. 

“We think the concept is 


that large companies are taking 
an active interest in Wi-Fi is 
good for the industry.” D 





Calif., with Microsoft-branded 
hardware built by Accton Tech- 
nology Corp. in Singapore. 

A short list of the Microsoft 
products that have already 
gained Wi-Fi certification has 
been posted on the Web site 
operated by the Wireless Eth- 
ernet Compatibility Alliance, a 
nonprofit trade association in 
Mountain View, Calif. The site 
| shows that Microsoft has al- 
| ready obtained certification 
for a home networking access 
point/router, a home network- 
ing PC card and a home net- 
| working Universal Serial Bus 
(USB) adapter. 

Sources familiar with the 
project who declined to be 


plans. John Allen, an Intersil 
spokesman, referred questions 
about the deal to Microsoft. 
The decision marks a shift 
from Microsoft’s long-standing 





wireless | 


great,” Gunning said. “Any sign | 





named confirmed Microsoft’s | 
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intel Capital’s 
Wireless Bets 


BLUESOCKET INC. 
www.bluesocket.com 
Burlington, Mass. 

@ Wireless gateways 


Seer ereesesesessesessesece 


INTERLINK NETWORKS INC. 
www.interlinknetworks.com 
Ann Arbor, Mich 

@ Wireless LAN access authentica- 
tion and authorization software 


Co eerereeseeseseeseseesese 


IPASS INC. 
www.ipass.com/main.php 
Redwood Shores, Calif. 

® Has 16,000 dial-up and 104,000 
hotel room Ethernet connections, plus 
400 wireless LAN Points of Presence 


Poe eereesesescseessesescsees 


NOMADIX INC. 
www.nomadix.com 

Westlake Village, Calif. 

@ Network configuration software 
and subscriber/user gateways 


Pee e recesses ceseseeeseeeee 


STSN INC. 
www.stsn.com/index.html 
Salt Lake City 

@ Broadband access for hotels 


Co eeeeeesseceseseseeserese 


TRANSAT TECHNOLOGIES INC. 
www.transat-tech.com 
Southlake, Texas 

@ Network authentication and 
billing software 


relationship with Intel Corp., 
which has developed the chips 
that power Microsoft’s desktop 
and server software. 

“This could be huge for In- 
tersil,” said Weston Henderek, 
an analyst at ARS Inc. in La Jol- 
la, Calif. 

Wireless LAN products op- 
erating under the Wi-Fi, or 
802.llb, standard provide 1IM 
bit/sec. connectivity; those op- 
erating under the 802.lla stan- 
dard offer transmission rates 
of 54M bit/sec. Microsoft said 
it plans to sell products based 
on 802.11b, but Intersil and Ac- 
cton also offer 802.lla prod- 
ucts, providing an easy future 
migration path for Microsoft. D 
PLAYING IT SAFE 
Read about new security tools that beef up 
companies’ wireless LAN protection. 


e QuickLink: 31504 


computerworld.com 





racle vs. BEA | 
eb Services 


Features Oracle 


Model Web Services 

Develop EJB for Building Web Services 

Develop JSP & Serviets for Building Web Services 
Debug Remote Web Services 

Profile Web Services Performance 

Optimize Web Services Code 

Validate XML for Web Services 

Support Web Services Team Development 


Deploy Web Services to: WebLogic Only Any J2EE Server 


Oracle is #1 in Web Services 


ORACLE 


oracle.com/ad 
or call 1.800.633.1072 





Microsoft's Income, 
Revenue Up in Q4 


Microsoft Corp. reported net income 
of $1.53 billion for its fourth quarter 
ended June 30, up from the year- 
earlier total of $65 million. Both 
figures were reduced by charges 
related to investment losses, which 
totaled $617 million in the just- 
finished quarter and $2.6 billion a 
year ago. Microsoft said Q4 revenue 
was $7.25 billion, up 10% from 
$6.58 billion a year ago. Analysts 
attributed the growth to purchases 
made to meet a July 31 licensing 
deadline [QuickLink: 30803]. 


Sun Ekes Out Profit; 
Others Still Struggling 


Sun Microsystems Inc. narrowly 
returned to the black in its fourth 
quarter ended June 30, reporting 
a $28 million profit despite a 13% 
drop in revenue to $3.4 billion. But 
IBM, SAP AG, EMC Corp., Intel 
Corp., PeopleSoft Inc. and Siebel 
Systems Inc. ali reported lower re- 
sults year-over-year for the latest 
quarter. Details can be found on our 
Web site [QuickLink: a1150}. 


(PREPARA REE, OBI 


EMC, HP to Share 
Storage Interfaces 


EMC and Hewlett-Packard Co. said 
they’re expanding a deal under which 
the storage rivals will cross-license 
some of their application program- 
ming interfaces. The agreement 
paves the way for Hopkinton, Mass.- 
based EMC and HP to develop stor- 
age management applications that 
can control each other’s devices. 


Short Takes 


HP fired or suspended about 150 
employees in the U.K. for violating 
its e-mail system usage policy. . . . 
MCAFEE.COM CORP. in Sunnyvale, 
Calif., recommended that share- 
holders who own 25% of its stock 
reject the latest buyout bid by ma- 
jority owner NETWORK ASSOCI- 
ATES INC. in Santa Clara, Calif. 


| in trouble,” 


| senior director for information | 


| integration and CIO for the 


| do, 


| tional boundaries,” 
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Homeland Security 
CIO Digs Into Strategy : 


Says ‘huge change-mar management initiative’ 
will be necessary for IT to help the cause 


| BY DAN VERTON 


WASHINGTON 
HE BUSH adminis- 
tration’s CIO for 
homeland security 
initiatives laid out 
last week what he 
described as an integrated IT 
plan designed to improve areas 


| such as_ information-sharing, 
| data management and privacy. 
on the | 


“If we focus only 
technology, we’re going to be 


said Steve Cooper, 


Office of Homeland Security 
in Washington. 
And Cooper should know. 


Formerly CIO at Corning Inc. | 
| in Corning, N.Y., Cooper held a | 


number of senior-level IT 


management positions before | 
Bush administra- | 
tion in March. He also previ- | 
| ously worked as director of IT 

| at Eli 


joining the 


Lilly and Co. in Indi- 
anapolis and held senior-level 


technical positions at Comput- 


| er Sciences Corp. in El Segun- 
and CACI Interna- | 


Calif., 


tional Inc. in Arlington, Va. 


| Big Consolidation 


“Unless there is 


. the resulting IT enablement 
won't link beyond the organiza- 


er, referring to the 22 federal 


| agencies that would be consoli- 
| dated under President Bush’s | 
| proposal to create 


a cabinet- 


| level Department of Homeland 


Security. “What we're 
management initiative.” 
Cooper is steering what has 


been described as one of the 
| biggest initiatives of its kind, 
| using what he called “five guid- | 
| ing principles.” 


Those princi- 
ples include a focus on privacy, 
integration of the private sec- 


an overall | 
charter and a business strategy 


said Coop- | 


| at three years from now. 
| June 2004 is still too long to 


tor and state and local govern- 


| ments, data capture and reuse, 
the establishment of databases | 


of record, and the leveraging of 
work that’s already under way 
to create a single federal enter- 
prise architecture. 

Howard Schmidt, vice chair- 


man of the President’s Critical | 


Infrastructure Protection Board 
and formerly chief security of- 





ficer at Microsoft Corp., credit- | 


ed Cooper and his colleagues 
with establishing an “entrepre- 
neurial mind-set” within the 


new office. Schmidt, who’s 


| working with the private sector | 
| to meet a September deadline | 


for releasing the national cyber- 
security portion of the presi- 


| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 


dent’s homeland security plan, | 


also said that more research 


| and development are needed 


on issues related to IT security. 

Cooper agreed, adding that 
the federal government will 
need to weigh in on research 
and development and on pilot 
projects that the private sector 
and state and local govern- 
ments can’t afford to get off the 
ground. “In a lot of key areas, 
we need to provide a lead role, 
which translates to ‘Yes, there 
needs to be initial funding,’” 
he said. 

Many of the independent pi- 
lot projects in homeland secu- 
rity will eventually fall under 
the Homeland Security De- 
partment, said Cooper. Those, 
such as the ones now under 
way at airports and seaports 
around the country, will be 
added to the list of projects be- 
ing planned by Cooper’s office, 
he said. 


Bi Expects Two-Year Wait 


Will take ‘extremely 
long time,’ despite 


| 
| 
| 
| 
| 
| 


aggressive effort | 


BY PATRICK THIBODEAU 
WASHINGTON 


The FBI is moving aggressively 
to replace an antiquated com- 


screens, 


| awfully long time, 


| puter system that uses green | 
but it will still take | 


two years to complete the proj- | 


ate committee last week. 

The two-year estimate is bet- 
ter than the original timeline, 
which put the completion date 
But 


wait, said Sen. Charles Schumer 


ate Judiciary Committee’s Sub- 
committee on Administrative 


| ect, a bureau official told a Sen- | 
really | 
| trying to do is a huge change- 


| (D-NY.), chairman of the Sen- | 





To Replace Old Computers 


Oversight and the Courts 
“Given that this should be 


| one of the highest priorities 
that America has, it’s still going 


to take us a couple of years,” 
said Schumer. “It seems like an 


important this is.” 


Starting Points 


Sherry Higgins, who was ap- 
pointed in March to head the 
FBI’s IT upgrade 
called Trilogy, agreed that it 
was an “extremely long time” 
but said, 
takes a longer time than to just 
get a solution.” 

The FBI was 
working to get some upgrades 
completed quickly, including 


nonetheless 


one to improve the ability of 


agents to search databases. The 
FBI system’s search engine 


given how | 
| tems architecture will 
| tate interoperability. 


initiative, | 
| tors. 


“The right solution | 





COMPUTERWORLD July 22, 2002 


Planned Federal 
Pilot Projects 


1. 0 E criminal 
and terrorist watch lists. 


2. CREATE a haiitasi security 
porta! to focus on the protection 
of critical infrastructure. 


3. H acoalition of law 
enforcement agencies to share 
information. Ten states, led by 

the Florida Department of Law 
Enforcement, will collaborate with 
federal agencies on data mining 
and information-sharing. 


Some of these so-called 
pathfinder projects, which will 


| be designed to run for three to 


six months, will focus on 
emerging technologies and 
may also be initiated and man- 
aged by state and local govern- 
ments with the direct assis- 
tance of the White House’s 
homeland security office, said 
Cooper. “Our leadership role is 
ensuring that pilot projects 
organizational bound- 
aries,” he said. D 


cross 


can’t handle complex searches 
with multiple words. 
One obstacle to a speedy im- 


| plementation is a lack of doc- 


umentation for existing sys- 


| tems, Higgins said. 


The FBI’s effort would also 
link all of its major criminal 
databases, and Higgins, 
mer senior IT executive at 
Lucent Technologies Inc. in 
Murray Hill, NJ., said talks are 
under way with other federal 
agencies to ensure that the sys- 
facili- 


a for- 


Schumer also called for a pri- 
vate-sector advisory board, 
comparing it to the type of 
oversight now sought for audi- 
“It’s good for the accoun- 
tants to have somebody else 
looking over their shoulders, 
giving advice,” he said. Higgins 
said she “totally supports” that 
idea, as does the FBI director. 

The FBI is receiving about 
$507 million for IT in this fiscal 
year, an increase of 127% from 
the previous year’s budget of 
$223 million. D 
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P’s ultra-reliable rp7410 and rp8400 midrange 
UNIX® servers. 


HP midrange servers, running the industry-leading HP-UX 
Operating Environment, are the dependable choice for your 
computing needs. They are a powerful consolidation solution, 
and with the lowest total cost of ownership in the midrange 
server space, you'll significantly reduce costs in hardware, 
management and administration. And since the rp7410 and 
rp8400 are in the market for the long haul, and are the only 
midrange servers available today that can upgrade to the 
future Intel” Itanium" Processor Family, they are truly the 
servers of the future 


[ Find out why HP has been the market share leader 
since 1997. Visit www.hp.com/large/midrange and 
request your free HP Midrange UNIX Server white 
papers now. } 


© | 


invent 


Midrange UNIX server market share leader according to International Data Corporation (IDC)’s Quarterly Server Tracker, Q@4CY2001, published Mo 8, 2002. IDC uses price points to differentiate servers in 
is $100,000 - $1 million) and high-end (which is $1 million and above). intel a ltanium are registered ecadients ks of the Intel Corporation or its subsidiaries in the United States and other countries. UNIX is a r 
in the U.S. ©2002 HewlettPackard Company. All rights reserved. 
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2d trademark of The Open Group. Offer good only 











Public Health IT 
Needs $1B in Funding 


Experts call emergency funding of $109M 
a down payment, say long effort required 


BY BOB BREWIN 
VEN THOUGH Con- 
gress pumped an ex- 
tra $109 million into 
the public health IT 
infrastructure in this 

year’s federal budget, the na- 
tion’s state and local public 
health departments need at 
least 10 times that to meet an- 
ticipated demands. 


It will take at least $1 bil- | 
lion in funding over 15 years to | 


deploy networks and informa- 
tion systems designed to coor- 
dinate responses to a_ bio- 
terrorism attack or major epi- 
demic, according to federal 
and state public health officials. 

The Centers for Disease 
Control and Prevention (CDC) 
in Atlanta expects to use the 





emergency funding within the | 


next year to connect state and 
local public departments serv- 


| ing 90% of the population to 


the nationwide CDC-managed 
Health Alert Network (HAN). 
That will be an improvement 


| from March 2001, when the 
| CDC put out a report that com- 


pared the U.S.’s public health 
IT infrastructure to a “pony ex- 


press system” that relied on pa- | 


Health Alert Network Facts and Figures 


$109 million was added to the CDC's IT budget for HAN, as well as for 
computer and information systems. The agency also included $34 million 


in its regular budget for HAN. 


HAN within months will provide high-speed Internet connections to 
state and local public health departments serving 90% of the population. 


HAN will also provide e-mail and online training services, including 
distance-learning systems that use desktop video. 


Telecommuting Seen as 
Possible Boon to Economy 


Commerce Dept., IT 
firms push adoption 


BY PATRICK THIBODEAU 
WASHINGTON 
In an effort to improve slug- 
gish broadband adoption na- 
tionally, high-tech firms want 
companies to let workers tele- 
work telecommute 
way to improve productivity, 
reduce costs and encourage 
baby boomer employees near- 
ing retirement to remain in the 
workforce. 

The initiative has the back- 
ing of the Department of Com- 


or as a 


| 
| 
| 
| 
| 
| 


| Commerce Department. Tele- | 


“Broadband deployment and 


| usage will define the global 


winners and losers in the 21st 
century,” said Bruce Mehlman, 
an assistant secretary at the 


} commuting “is really the killer | 
app right now that’s out there | 
| for home broadband use.” 


| holds utilize it. Encouraging | 


Although broadband reach- 
es some 90% of the U.S. popu- 
lation, only about 12% of house- 


| telework could help other in- 
| dustries delivering broadband 


| services, such as videoconfer- | 


| encing and leisure-time con- 
| tent, say advocates. 


merce, which views broadband | 


usage as an integral part of U.S. 
economic development. 


Harris Miller, president of 


the Information Technology 
Association of America (ITAA) 





~ NEWS 


per reports and phone calls in 
an Internet world. When the 
report was released, only about 
half of the country’s 59 state 
and territorial health depart- 
ments and 6,000 local health 
boards had full-time Internet 
connectivity, and another 20% 
lacked e-mail. 

Dr. Ed Baker, an assistant 
surgeon general in the U.S. 
Public Health Service who 
manages the CDC’s Public 
Health Practice Office, called 
the $109 million in supplemen- 
tal funding a modest invest- 





| “will cause a major bump” in | 





e | 
the number of broadband users. 


Mehlman attended a news 
conference last week to dis- 


| cuss the benefits of telework 


with officials from the ITAA 
and several leading high-tech 
firms, including AT&T Corp., 
Corning Inc., Siemens Infor- 
mation and Communication 
Networks Inc. and American 
Management Systems Inc. 
Braden Allenby, a vice pres- 
ident at AT&T, said telecom- 
muting policies have saved his 


| company $25 million in real es- 


tate costs. “We just sold our 


don’t need it anymore,” he said. 
AT&T also esiiimates work- 


| force productivity gains of 
| about $65 million, primarily 


the result of time saved by 
employees not having to drive 


| to work. A survey of AT&T 


in Arlington, Va., said telework | 


workers in the Washington 
area found that about 800, or 
60%, of the company’s 1,400 





managers work from home at 


ment in the public health IT 
infrastructure, whose capital 
costs he estimated at $1 billion 
plus “ongoing costs for main- 
taining and improving it.” 

Dr. Georges Benjamin, sec- 
retary of the Maryland Depart- 
ment of Health and Mental Hy- 
giene, considers the emer- 
gency funding a down pay- 
ment. “This is just the first 
wave of funding. It’s going to 
take a long and sustained effort 
to make it work,” he said. 

Benjamin, who also serves as 
president of the Association of 
State and Territorial Health Of- 
ficials (ASHTO) in Washing- 
ton, said it “will take 15 years to 
put these [public health IT] 
systems in place.” 

The population-based distri- 
bution of the IT infrastructure 
funds by the CDC works to the 
detriment of rural states such 
as Iowa. Dr. Patricia Quinlisk, 
Iowa’s epidemiologist, said she 
is still using the postal system 
to send lab reports. But, she 
added, the new funding will 
provide Iowa with “desperate- 
ly needed resources” for IT in- 
frastructure. 

Baker emphasized that HAN 
is far more than a computer 
network: It’s designed to de- 


least occasionally. Those em- 
ployees split the time they gain 
by not having to drive into 
work between work and per- 
sonal activities, said Allenby. 
“Teleworkers are very enthu- 
siastic about teleworking, and 
so are their families,” said Al- 
lenby, adding that 82% said 
telecommuting helps them bet- 


| ter balance work and family. 


Retention is also critical, es- 
pecially as baby boomers begin 
retiring, he added. Telecom- 
muting lets older employees 
work on their terms and may 


| keep them on the job, he said. 
corporate headquarters — we | 


John Jay, broadband market 


| manager at Corning in Corn- 


ing, N.Y., said telecommuters’ 
better quality of life “enhances 
our recruiting position.” 

A national survey of 1,000 
registered voters released last 
week (see chart) found that 


| 20% spent 30 to 60 minutes per 


day commuting, 7% spent from 
60 to 90 minutes, and 10% 
spent more than 90 minutes. D 
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liver critical information to 
public health care profession- 
als to help battle everything 
from food poisoning to anthrax 
attacks. Computer-based train- 
ing and video to the desktop are 
essential to this effort, he said. 


Data on the Fly 


HAN funding is also used to 
deploy graphical systems that 
present information in ways 
that can be quickly grasped by 
harried doctors in the midst 
of a crisis, according to Elana 
Knudsen-Buresh, senior direc- 
tor of public health infrastruc- 
ture policy at ASHTO. 

Benjamin said such tools 
will help boost the capabilities 
of public health departments, 
which have struggled with in- 
adequate systems for years. 
However, in order to ensure 
that agencies get the systems 
they need, Congress must keep 
the funds flowing, he said. 

Last October’s anthrax at- 
tacks highlighted the impor- 
tance of public health agencies 
and their need for advanced 
technology. But Benjamin said 
he’s worried the funding could 
disappear once again, “because 
we are a nation with a very 
short memory.” D 


The Telelife 


A survey of 1,000 registered 
voters found respondents 
split in their attitudes 
toward telecommuting: 


If you had a choice of higher 
salary or an option to tele- 
commute, which would you 
likely take? 

Higher salary 47% 
Telecommuting 36% 
Depends on salaryamount 7% 


Don't know 10% 


Would telecommuting improve 
work quality, productivity?* 

Agree 46% 
Disagree 39% 
Don't know 14% 


ee eeeeeeererersereeesesesses 


Would telecommuting make 
you a better parent or spouse? 
Yes 43% 


No 46% 


Don’t know 11% 
*Figures rounded 





Frequently asked question / «//re:: FAQ 


It’s the question we hear tly: h a 1 leverage your investment in exist 
not r new technology? Answer: The Sprint network boasts seam 
between IP. frame relay and ATM platforms — just wha 1 need to help take advantage of curr 


while migrating to new technology 


Anytime to virtually anywhere connectivity 


We're the only telecommunications provider that 
your critical data applications We can help yo 


real-time mobile data solutions 


d it — in the office or on the road 


“Any to any” connectivity 

We've also engineered a network solution 

security of frarne relay. It’s called Internet Protocol Intelligent Frame Re et's just call it IPiFR), and it j 
on a flexible router architecture that can run o 

What this can give you is VPN services that (1 

maintaining predictable scalability 

your existing infrastructure or adding significant cost 


Get more from existing technology and get ready 


people who make it work (for you) 


For more answers, visit our complete library of downloadable white papers 


at sprint.com/whitepapers/13 or call 1-877-604-1844. | 
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| SIA’s equivalent in that coun- 
TO S e x {- ad | try. But the problem is that 
| Japan is 12 hours ahead of the 


e | US., said Pat Tsien, a manag- 


ettlement Deadline ing partner at Accenture. 


The U.S. Securities and Ex- 
| launch of T+1l from 2004 to | 


| change Commission said in 
May that it was considering 
June 2005 [QuickLink: 24736]. 


Securities industry mandating a move to T+l and 
group to focus on | Last woes wore Remotes Ge | would release a plan for public 
| T+] onus for at least the next | 


_ comment by September [Quick- 
system automation | two years. “What we've done is Link: 30002]. However, Kittell 
- | removed [the T+1] goal and re- 


said, “the sum of those com- 
| placed it with a set of straight- ments, I would suggest, will 


Go Right Through 


Key facets of the SIA’s 
straight-through proces- 
sing program include 
the following: 


Improving the timeliness 

and accuracy of trade matching 
with institutional transaction pro- 
cessing capabilities 

Using electronic trading 
certificates to reduce the need for 
paper stock certificates and forms 


it another Y2k Armageddon,” 
said Shaw Lively, an analyst at 
IDC in Framingham, Mass. 
Another thorny issue facing 
T+1 is the involvement of for- 
eign exchanges, which would 
narrow the window for settling 


BY LUCAS MEARIAN 
| 


N A MOVE that takes some 
pressure off IT managers 
responsible for the sys- 
tems that process stock 
trades, the Securities 
Industry Association’s (SIA) 
board last week voted unani- 
mously to rescind a mid-2005 
deadline for moving to next- 
day settlement of trades. 
Instead, the New York-based 
SIA said it will now focus on a 
less grandiose program aimed 
at pushing financial services 
firms to automate their trading 
systems for straight-through 
processing applications that 
directly connect back-end sys- 
tems at different companies. 
Straight-through processing 


requires companies to make 


internal systems changes in or- | 
end-to-end | 


der to automate 
processing of stock trades. It 


also involves hooking systems | 


into external trade-matching 
engines, such as the rival ver- 
sions operated by the Global 
Straight 
Association in Zurich and Om- 
geo LLC in Boston. 
mainframes and 
messaging to match Buy and 
Sell orders. 


But converting to “trade plus | 


one day” settlements, or T+, 
would be even more complex. 


Securities firms would have to | 
set up new business rules and 


real-time or near real-time 
processing engines to reduce 
the standard for settling trades 
from three days to one. 
Analysts estimated that 
switching to T+] could cost the 
financial services industry 
$8 billion in IT 
process The 


costs. business 


case for T+l came under ques- | 
tion in the wake of Sept. ll and | 


the ongoing economic slump. 
In November, the SIA post- 


poned the target date for the | 





Through Processing | 


Both use 
XML-based | 


and business | 


through processing 
goals,” said Donald 
Kittell, the SIA’s ex- 
ecutive vice presi- 
dent, during a con- 
ference call. Next- 
day trade settle- 


| ments will be re-evaluated by | sign a 


the SIA in 2004, he added. 


WALL STREET HUB 


System automates securities 
lending and borrowing. 

@ QuickLink: 31480 
www.computerworld.com 
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trades even further 
because of time dif- 
ferences. For exam- 
ple, IT consulting 


this month won a 
contract to help de- 
combined - straight- 
through processing and T+1 


firm Accenture Ltd. | 





“In this economy, this is a | plan with the Japanese Securi- 


better move instead of making | ties Dealers Association, 


the | 


not be a strong consensus.” 

The SIA has for the past 
three years pushed for both 
straight-through processing 
and T+l under a single pro- 
gram. Kittell said its subcom- 
mittees will set new target 
dates for industrywide adop- 
tion of straight-through pro- 
cessing after the SIA’s confer- 
ence in October. D 


of payment such as checks 


Automating the processing 
and reporting of corporate finan- 
cial actions such as stock splits 
and recapitalizations 


Seo eeresserseseseseessores 


Automating the securities 
lending business, which supports 
traders who are involved in the 
short-selling of stocks 





Users Keep Faith as i2 Plans Layotts, Other Cuts 


Supply chain software vendor seeks 
| _turnaround after ninth straight loss 


BY MARC L. SONGINI 


Looking to bolster its sagging | 
revenue and stop a string of 


quarterly losses, i2 


jor revamp of its supply chain 


management software and cor- | 


porate structure. 

Dallas-based i2 last week an- 
nounced plans to slash its an- 
nual operating costs by about 


30% through moves such as | 
| closing facilities and laying off | 
up to 1,400 of its 4,800 employ- | 
12 also said it will move | 


ees. 


more of its development work | 
to India, reduce the number of 


systems it supports and prune 
some of the less central com- 
ponents of its product line. 

The cost-cutting 


lion during the second quarter 


(see box). Sanjiv Sidhu, i2’s 


chairman and CEO, said in a 
statement that the company is | 
on becom- | 


“intensely focused” 
ing profitable and hopes to get 
operating expenses in line 
with revenue by year’s end. 
However, some analysts said 


Technolo- | 
gies Inc. is embarking on a ma- | 


initiative | 
| follows a net loss of $757.4 mil- 
| lion on revenue of $119.6 mil- | 


they have reservations about 
the future for i2 and its users. 
Karen Peterson, an analyst | 
at Gartner Inc. in Stamford, 
Conn., said the layoffs may 
pose a risk to i2’s customer sat- | 
isfaction levels, especially with | 
users who are installing its 


Bitewey Com Oey Cnt ss | 


12'S PROBLEMS 

= The $757.4 million net loss for 
the second quarter was the com- 
pany’s ninth straight quarterly 
deficit. 


m Revenue for the second quarter 
dropped 52% from last year's fig- 
ure, with software sales plummet- 
ing from $106 million to $26 mil- 
lion - a 75% decline. 


eee eee eseeeresseeeseseee 


12’S PLAN 

=Cost-cutting actions will include 
cuts of about 30% of the compa- 
ny's operating expenses and the 
Closing of some facilities. 

= More development work is be- 
ing shifted to India, and the num- 
ber of hardware/software plat- 
forms i2 supports will be reduced. 


} resource 


| ing by users. 
| risk time for i2,” 


| users 
| faith in i2. Sandie Foster, a di- 


software “What could 
happen is that those customers 
in active implementations 
could be hit with consulting 
turnover,” she said. 


‘High-Risk Time’ 

Meanwhile, the supply chain 
applications sold by enterprise 
planning software 
vendors such as SAP AG and 
Oracle Corp. are good enough 
for many companies, Peterson 
said. To counter that, she 
added, i2 needs to better inte- 
grate its applications so they 
can interoperate without cod- 
“This is a high- 
Peterson said. 

An i2 spokeswoman said the 
company offers tool 
help users integrate its prod- 


now. 


| ucts. But i2 is also doing in- 
and | 


house integration work, 
Chief Marketing Officer Janet 


Eden-Harris said that one of 


i2’s goals is to more tightly 


| connect its planning and fore- 


casting applications to its sup- 


| ply chain execution software. 


Despite the rough times, 


expressed continued 


rector of the Atlanta-based i2 
User Group and marketing 
manager at IT services firm 
SBI and Co. in Salt Lake City, 


kits to | 


| the 





said she has “every confidence 
in i2” in light of the restructur- 
ing and management changes. 

Foster cited the return of co- 
founder Sidhu as i2’s CEO and 
the promotion of Sam Nakane 
to chief operating officer in 
April as positive steps for the 
company. Sidhu had given up 
the CEO job last year, though 
he remained as i2’s chairman. 

The quality of i2’s support 
slid when the company ex- 
panded into new technology 
areas, said Ellen Martin, 
president of supply chain in- 
formation systems at VF Corp., 
an apparel maker in Greens- 
N.C. But Sidhu’s focus 
“always was customer service,” 
she added. “They took a side 
street when he gave up the 
CEO position. I think they’re 
now on the main road again.” 

VF, which makes products 
Wrangler and 
jeans, runs i2’s supply chain 
and factory planning applica- 
tions and plans to install its de- 
mand fulfillment tool. Martin 
said she approves of i2’s turn- 
around plan but wants to see 
vendor deliver on_ its 
promises. D 


vice 


boro, 


such as Lee 


TIMEFORACHANGE = 


For more details on the product changes 
planned by i2, visit our Web site 


QuickLink: 31473 
www.computerworld.com 
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Microsoft Renews Its Partner Commitment 


Aims to soothe the 
‘uproar’ over its 
consulting moves 


BY CAROL SLIWA 
LOS ANGELES 

Microsoft Corp. took advan- 
tage of an opportunity at its Fu- 
sion 2002 conference here last 


week to announce a $500 mil- | 


lion investment in its partner 


community and to assure its | 


partners of their importance in 
its long-term success. 

That point needed to be em- 
phasized perhaps more than 


usual at this year’s partner | 
event, since many of Micro- | 


soft’s partners had _ gotten 
rather prickly just over a year 
ago after the company outlined 


a serious push into the consult- | 


ing services space. 


During his closing keynote | 


address, Microsoft CEO Steve 
Ballmer acknowledged the 
“troublesome” change that his 
company had subjected its 
partners to during the past 12 
months. 

“We've learned a lot about 
how to focus — or not focus — 
our consulting force in the last 
year,” Ballmer told conference 
attendees. “Our strategy’s nev- 
er changed in what we’re try- 
ing to do in consulting. 

“But it sure looked that way 
in the early part of the year,” he 
said, “because we managed to 
get a misalignment between 
our incentives and our re- 
sources and our strategy in the 


marketplace that caused our | 


consultants to look sometimes 
less like a friend and more like 
a foe than we ever would have 
intended them to.” 


Microsoft brought in 32-year | 
IBM veteran Mike Sinneck in | 


January to head its services di- 
vision, and Sinneck wasted no 
time in addressing the situa- 
tion that, as he put it, had got- 
ten partners into “an uproar 
and sort of a fever pitch.” 


MORE THIS ISSUE 
Computer Associates is also making plans 


to enhance its partner program. To learn 
more, turn to page 20. 





“We were competing with 
partners,” Sinneck told Com- 


puterworld. “Being a prime | 
| contractor [on consulting proj- 


ects], thinking about making 


| profit in the services business 


created all the wrong behav- 
iors.” So he said he worked to 
“put it back the way it was.” 
Sinneck directed his field force 
not to be the prime contractor, 
even though he recognized 


that there might be exceptions | 


with some large customers 
that insist on it. Microsoft in- 
stead would “fit” its resources 
underneath, he said. 

To the outside world, Mi- 


Continued from page 1 
Li ¥ 


Several users said Microsoft 
should include support with an 
Enterprise Agreement and the 
new Software Assurance main- 
tenance program, which enti- 
tles Select and Open license 
holders to current versions of 
Microsoft products for an an- 
nual fee of 25% of the volume 
license fee for server products 


| and 29% for desktop products. 


“If you’re going to spend the 
bucks to bring an Enterprise 


| Agreement in-house, they 


ought to include it in there,” 
said Jill Taylor, senior manager 
of workgroup engineering at 
The Home Depot Inc. in At- 
lanta. Home Depot signed an 
Enterprise Agreement, Micro- 
soft’s most comprehensive and 


expensive volume license op- | 


tion, in March. 

Bill Lewkowski, CIO at Met- 
ropolitan Hospital and Metro 
Health in Grand Rapids, Mich., 
said software upgrades and 
support should be bundled for 
a flat fee based on the percent- 
age of the product’s cost, but 
he added that Microsoft's 
charges are “out of line.” 


“They should take note of 


best-practice application ven- 


dors that bundle software up- | 


grades and unlimited support 


| for a yearly fee of 12% to 18%,” 


he said. 


crosoft Consulting Services 
(MCS) had grown, in part, be- 
cause it hired a large number 


| of people. But MCS has since 


reduced its head count by 140 
people and plans to keep it flat 
“because we don’t want to 
neck said. 


Hoping for Profits 

Perhaps that will help the di- 
vision’s bottom line, too. Even 
though Microsoft hoped for a 
profit with its consulting ser- 
vices business, the company 
never actually saw one, ac- 





cording to Sinneck. Overall 


Informed of customer com- 


plaints, Microsoft CEO Steve 


Ballmer recently told Comput- 
erworld he could lower the per- 
centages and instead charge 
more money for software prod- 
ucts, as other vendors do. That 


| point may be valid, but some 


customers remain convinced 
they’re being charged fees that 
are too high compared with 
those of competitors. 

“The company is spending 
a lot of effort right now trying 
to figure out what’s the right 
approach as licensing evolves,” 
Sinneck said. “How should 
| we package things together? 
Should we be integrating prod- 
ucts and licensing and services 
and support together in some 


to the customer? All those 
things are in play and under 
discussion. We don’t have the 
final answer, but there’s an in- 
tense focus on this at this point 
in time in the company. 

“One size doesn’t fit all in 
terms of the approach you use 
said. “That’s what makes it 


| . ” 
very, very complicated. 





Premier Support enhance- 


| 
| 
| 


compete with partners,” Sin- | 


creative way that makes sense | 


to solve the problem,” Sinneck | 


| 





ments under consideration in- | 


| clude round-the-clock _ tele- 
phone support for small to 
midsize customers that don’t 
buy that option now, preferred 
access to incident support and 
| customized Web sites, he said. 
Premier Support programs 
| will be piloted this summer 


service revenue which also 
includes Premier Support — 
grew in double digits, but the 
division lost “tens of millions 
of dollars” worldwide, he said. 

“As a matter of fact,” Sinneck 
added, “on the bottom line of 
the P&L [profit and loss state- 
ment], it’s several hundred mil- 
lion dollars’ worth of drag.” 

Microsoft will now work to 
break even on services, which 
Sinneck views as “a means to 
an end” — helping customers 
get value from the company’s 
products. 

“We are not going to build an 
IBM Global Services,” Sinneck 
asserted. Microsoft’s core com- 
petence lies in its software 
products, he said, “and that’s al- 
ways who we're going to be.” D 


and launched in late fall or ear- 
ly next year, according to Sin- 
neck. Included will be a new 
offering that will be delivered 
through Microsoft’s channel 
partners, he said. 

Microsoft already has gotten 
creative in some negotiations. 
Home Depot, for instance, said 
it was offered the option of 
purchasing Premier Support 
by the hour rather than by inci- 
dent. The hourly proposition 
was more appealing, since the 
retailer had been using only 
about half of the 300 incidents 
that its annual contract al- 
lowed, Taylor said. 


Home Depot will now have |} 


Microsoft 
Support Options 


® Microsoft 
Professional Support 
TARGET CUSTOMER: Small 
and midsize businesses 


= Microsoft Authorized 
Premier Support (MAPS) 
TARGET CUSTOMER: Midsize and 
large businesses 


= Microsoft Premier Support 


TARGET CUSTOMER: Large 
corporations 


MORE ONLINE: For a detailed look 
at Microsoft's support options, 
visit our Web site. 


QuickLink: a2340 
www.computerworld.com 
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400 hours at its disposal and, if 
the contract’s end date creeps 
up before the retailer has used 
up its time, Home Depot can 
bring in an expert to do on-site 
training of internal support 
staffers, Taylor noted. “We can 
get the full benefit of what we 
purchased,” she said. 

So far, however, that offering 
is being piloted only in the 
U.S., according to a Microsoft 
spokesperson. 

Richer offerings that inte- 
grate consulting and support 
“life cycle” services are antici- 
pated for existing Premier 
Support users, and new entry- 
level options are expected for 
corporate and small-business 
customers, Sinneck said. 

Sinneck said he expects a 
stand-alone purchase of sup- 
port to be more expensive than 
it is for a customer who has a 
“broad, deep annuity relation- 
ship with us,” but he doesn’t 
think any conclusions will be 
reached until the fall or early 
next year. 

Alvin Park, an analyst at 
Gartner Inc., said that if Mi- 
crosoft bundles support with 
maintenance, it must be care- 
ful that it doesn’t take away 
from its Premier Support rev- 


| enue stream. 


Yet most other software ven- 
dors, including IBM and Oracle 
Corp., offer combined pack- 
ages of upgrade rights and sup- 
port, “so there may be pressure 
on Microsoft,” Park noted. D 
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New refrigerator cars rely on satellites 


BY BOB BREWIN 

AND LINDA ROSENCRANCE 
NTIL ABOUT 18 
months ago, ship- 


pers of perish- 


able products | 


that consigned 
their loads to refrigerated box- 


cars had to act on faith that a | 


shipment would make its way 
cross country at the right tem- 


perature without the refrigera- | 
tion unit breaking down or | 


running out of fuel. 
Sometimes the shipper end- 
ed up with a load of rotten or- 


anges, bad cheese or spoiled | 


juice. But that’s changing as 
railroads roll out new, “smart” 
— or reefers, 
as they’re called — that use 
satellite communications to let 


refrigerator cars 


shippers monitor and control | 


car temperatures from a secure 
Web site. The technology also 


allows them to pinpoint a car’s | 


location to within a few feet. 
Dave Fleenor, assistant vice 


president of perishable mar- | 


keting at Burlington Northern 
Santa Fe Corp. (BNSF), said 
the railroad 
control system from StarTrak 


uses a 


system lets Fort Worth, Texas- 
based BNSF change the tem- 
perature setting of each refrig- 
erated unit, diagnose problems 
and control what’s going on in- 
side each car. 


Fresh Fruit 


Remote control means ship- 


pers may never have to face an- | 


other load of spoiled perish- 


ables again, said Scott Slifkin, | 
president of StarTrak. If a re- | 


frigeration unit breaks down, a 
microchip controller card alerts 
the shipper and the railroad, 
which can quickly dispatch a 
technician to fix the problem. 


That’s important to shippers | 


such as Kraft Foods Inc. in 
Northfield, Ill., Fleenor said. 


Kraft started shipping cheese | 


on BNSF before the new refrig- 





satellite | 





| erated cars were used, moving 
| about 368 carloads of cheese 


via the railroad in five years. 
Since the refrigerated cars 


| came online in August 2001, 


Kraft has nearly doubled that 
number, said BNSF spokes- 
woman Suann Lundsberg. 

In addition to the controller, 
StarTrak equips each reefer 
unit with a Global Positioning 


NEWS 


Smart Boxcars Give 
Rail Shippers Control 


System (GPS) receiver that au- 
tomatically the 
| car’s position to within 10 feet. 
In the refrigeration unit of each 
car, StarTrak installed a satel- 
lite communications transmit- 
ter and receiver, which move 
| data over the MSAT system op- 
erated by Mobile Satellite Ven- 
tures LP in Reston, Va. 

The satellite modem _ re- 
| ceives data from the receiver 
| and system monitors on the 
cars and relays it to a secure, 


determines 





Computer Associates 
Pushes Partnering Program 


Plans include 
online support, 
advisory board 


BY MARC L. SONGINI 


| Computer Associates Interna- 
tional Inc. continues to work | 


on boosting its technology 


| lineup and gaining a competi- 
tive edge through partnerships. | 
| To that end, the company plans | 


LLC in Morris Plains, NJ. The | to increase online support for | 


technology partners by year’s 
end and create a partner advi- 


| sory board next year. 


Additionally, the Islandia, 
N.Y.-based software maker last 


cess stories of its year-old CA 
Smart Solution 
process. 

The program ensures that 
companies that sell their hard- 


ware and software along with | 
CA products are fully certified | 


for interoperability and have 


adequate technical support 


| from CA. About half of the ap- | 


proximately 300 CA Smart So- 


| lution partners have already 


received the certification, and 
CA hopes to get the remainder 
on board in the next three 
months. 

Holdout companies, howev- 


certification | 


| er, are in jeopardy of losing 
| their partner status, according 
| to Stacy Leader, vice president 
| of the partner program. “We 
| are re-evaluating where we are 
and then will be moving for- 
| ward and either decide to part- 


ner with them or keep their | 


name on file,” Leader said. 
“They will either jump on the 
train with us or part ways.” 


Smart Solution announcement 
represented a turnaround for 


the company. At the time, CA | 


said that, instead of acquiring 


| other companies, it would rely | 


on partners to fill gaps in its 


| week detailed some of the suc- | 


CA said last week that it has 
added four members to its board 
of directors to replace four direc- 
tors who intend to step down at 
the board's annual meeting next 
month. Among those departing is 
longtime director Willem F.P. de 
Vogel, who was targeted for re- 
moval by a shareholder-led proxy 
campaign to revamp CA's board. 
Three of the four retiring direc- 
tors are leaving because of CA's 
newly enacted eight-year term 
limit on the service of outside di- 


Leader said last year’s CA 








| 


shipper-accessible Web site 
operated by StarTrak. 
Tropicana Products Inc. in 
Bradenton, Fla., which ships 
fresh orange juice from Florida 
to Northeastern markets, is 
retrofitting all of its reefers 
with StarTrak technology, said 
spokeswoman Kristine Nickel. 
“When the system is fully 
[deployed] in the next 18 to 24 


months, we will have the abili- | 


ty to have the cars communi- 
cate with us and let us change 
the temperature [if necessary], 
so a load of juice won’t be dam- 
aged,” she said 

Bob Smith, the vice president 
of transportation at Sunkist 
Growers Inc. in Sherman Oaks, 
Calif., said that although the 


Historically, 
partnering has 
not exactly been 
what you would 


call a core compe- | 


tency [of CA]. 


JAMES GOVERNOR, 
CONSULTANT, ILLUMINATA INC. 


technology lineup. 

CA will continue to enhance 
the program. The company 
plans to add more online tech- 
nical support for partners and 
partner advisory 
board within the next year. 


create a 


CA Replaces Four Board Members 


rectors, according to the compa- 
ny. CA adopted the term limits in 
May as part of a broader corpo- 
rate governance overhaul. 

Joining CA’s board are Vivendi 
Universal Games CEO Kenneth 
Cron, former Salomon Brothers 
Inc. general partner Robert E. La 
Blanc, technology investor and 
entrepreneur Alex Serge Vieux 
and former CBS Inc. Chairman 
and CEO Thomas Wyman. 

~- Stacy Cowley, 
IDG News Service 
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Smart Reefers 


® Embedded microchip controller 
card monitors system status and 
temperature. 

® Built-in GPS system tracks 
location to within 10 feet 


® Satellite transmitter/receiver relays 
stem status to secure Web site. 


® Web site lets shippers adjust reefer 
temperatures and track location 


StarTrak system lets him moni- 
tor temperatures, its location 
capabilities are wanting. “The 
location [service] is weak,” he 
said. “Sometimes I don’t get an 
update for 12 to 18 hours.” D 


CA’s Smart Solution initia- 
tive is to some degree address- 
ing long-term weaknesses in 
CA’s partnering strategy, ac- 
cording to James Governor, an 
analyst at Nashua, N.H.-based 
consultancy Illuminata Inc. 

“Historically, partnering has 
not exactly been what you 


| would call a core competency” 


of CA, said Governor. While 
CA traditionally has been a di- 
rect sales firm, the Smart Solu- 
tion program “shows a system- 
atic attention to partnering 
that CA has sometimes 
lacked,” he added. 

However, in terms of chan- 
nel support, CA’s competitors 
generally offer something sim- 
ilar for their partners, said 
Governor. For example, Micro- 
soft Corp. just announced a 
$500 million boost to its chan- 
nel marketing budget [see sto- 
ry, page 16]. 

Among the companies that 
have bought products from 
CA-certified partners is Party 
City Corp. in Rockaway, NJ. 
Party City uses CA partner 


| G&Z Systems Inc.’s PollView 
data 


transportation manage- 
ment application, which ties 
into the party supply retailer’s 
Unicenter installation. 

According to Richard Zuck- 
erman, president of Hawthorn, 
N.Y.-based G&Z, having the 
certification, which his compa- 
ny received last month, allows 
customers to feel more com- 
fortable with the idea of going 
to third-party providers. D 
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Check Point President Ungerman 
gees Light at End of VPN Tunnel 


Vendor waits out t stifled 
IT buying environment | 


BY DON TENNANT 
Jerry Ungerman, president of Check 
Point Software Technologies Ltd. in 
Redwood City, Calif., earlier this 
month spoke with Computerworld 
about how the firewall/virtual private 
network (VPN) market leader is faring 
in the current economic environment, 
and where the company is headed 
amid expectations of a recovery. Ex- 
cerpts follow. 


What is Check Point’s relationship 
with WorldCom? WorldCom is 

a very big partner of Check 
Point. They used to carry mul 
tiple security products, but 
sometime last year, they decid- 
ed they were going to standard- 
ize on one security product. 
Right now, we are the [sole] 
security product that World- 
Com packages and resells, on a 
stand-alone basis as well as a 
managed service offering, on a world- 
wide basis. 


Are you concerned about WorldCom’s 
financial problems? Obviously, their 
core business has been impacted with 
the telecom slowdown, and they’re 
dealing with some other issues. But 
right now, we have a very good rela- 
tionship. They’re a very good partner, 
and they’ve been doing very well for us. 


How has the meltdown in the telecommuni- 
cations sector affected you? It’s not had a 
big impact on us. The biggest impact 
has been the overall economic slow- 
down — the IT spending slowdown, as 
opposed to telecom specifically. 


Your first-quarter results were down 
across the board from the same period a 
year ago. | know you're in a quiet period 
until your second-quarter financial results 
are released on July 22, but what can you 
say about your financial outlook in general? 
One of the things that we still see is 
that security is one of the more impor- 
tant areas that IT executives are fo- 
cused on. We still think we’re getting a 
larger percent of the spending — and 
the increase in spending, to the extent 


| that there is any — than other kinds of 
| technology products. 

This year, we haven’t seen as much 
of an economic recovery as we expect- 
ed, although most of our projections 
were for recovery in the second half of 

| the year, with most of it coming in the 
fourth quarter. We’re not there yet, so 

| we don’t know if it’s going to happen. 

| But we do know that people are not 

| being allowed to buy as much as they 

| need right now. They’re being very 
cautious in their spending, delaying, to 
some extent, some of the full imple- 
mentations of projects. But we still 

| think security is at the top of the list, 

| from a focus and spending standpoint. 


When you announced that you 
were going to end maintenance 
support for Version 4.1 of your fire- 
wall/VPN product at the end of this 
year, some of your customers were 
pretty upset. Where does that 
stand? The fact is, we’ve ex- 
tended the date for support of 
4.1 because of that input, and 
we work with customers to 
have them upgrade. We extend- 
| ed it to June 30, 2003. 

The fact is, they get to upgrade for 
free. We're not forcing them into it or 
charging them for it, as long as they’re 
| on subscription, which the vast majori- 

ty of the base is. 


Do you have any new-product develop- 

| ment plans for the immediate future? We 

| see the need for firewalls and VPNs 

| continuing to grow, even in the enter- 
prise space. Most of the VPNs have 
gone into intranet deployment, tying in 

| remote employees and offices. We see 

| there’s a big opportunity coming, and 

| we’re going to bring out a management 

| capability to really make extranets a 
reality, where companies start tying in 
partners, customers and suppliers into 
their networks. 


When are we going to see this? Before 

the end of the year. We've already 

brought to market the beginnings of it, 
| the foundation for the capability. 


| CHECK UP ON CHECK POINT: 


| For the full version of our interview with Jerry 
| Ungerman, visit our Web site 
QuickLink: 31434 
www.computerworld.com 
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SDLT 320: 
THE ULTIMATE BACKUP 
MACHINE. 


LARGEST CAPACITY 
320 GB — 60% more than the nearest competitor! * 


HIGHEST PERFORMANCE 
32 MB/s — Up to 33% faster!* 


LOWEST COST PER GB 
Up to 46% lower!* 


PROTECTS YOUR INVESTMENT 
Backward compatible to DLTtape™ IV media 


IDEAL FOR AUTOMATION 
Best combination of storage density, performance and 
durability 


BROADEST PLATFORM ACCEPTANCE 
Over 2 million drives and 80 million cartridges sold 


INDUSTRY-LEADING ROADMAP 
First with a path to over one terabyte 
and 100 MB/s* 


See for yourself why the 

SDLT 320 is the highest performing drive on 
the road today! 

Go to 320reasons.com. 


SUPE 


“When compared to LTO 1, AIT 3 and Mammoth 2 drives. Where mentioned, capacities and transfer rates are compressed. 


©2002 Quantum Corporation. All rights reserved. Super DLTtape and DLTtape are trademarks and the Super DLTtape logo 
is a registered trademark of Quantum Corporation 
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PATRICIA KEEFE 


No More Blind Faith 


FEW YEARS AGO, my brother and I co- 
incidently decided to vacation in the 
San Juan Islands. He likes to go first 
class; I tend to wing it. While he and 


his family stayed at four-star B&Bs, my 
family ended up in some funky accommodations off 


the beaten path. Net result? They listened to ferry 
announcements all night long while we communed 
with hummingbirds inches away and enjoyed in- 


credible views of the is- 
lands. The moral? First 
tier may be the most ex- 
pensive, but it isn’t al- 
ways the best. 

Nor, as recent months 
have borne out, is it al- 
ways the safest. To be 
sure, nobody runs around 
anymore saying things 
like, “No one ever got 
fired for buying IBM.” 
But the expectation re- 
mains that top-tier com- 
panies are safe bets. That’s why 
many WorldCom customers can’t 
bring themselves to worry too much 
about the vendor’s very pressing le- 
gal and financial predicaments. And 
it’s why, despite the threat imposed 
by endless antitrust trials, Microsoft 
users have consistently said that the 
outcome won't affect their purchas- 
ing and technology plans. 

This reaction is somewhat under- 
standable. Amid the steady drone of 
disappointing earnings reports and 
layoffs, life has pretty much gone on 
as before. Maybe you lost a sales con- 
tact or some nice but not necessary 
hand-holding services, or perhaps a 
minor product line got the ax. Noth- 
ing you couldn’t maneuver around. 

But today we’ve got some nasty 


added twists. A stubborn recession in 


the high-tech sector is pushing some 
suppliers past internal tinkering. SAP, 
for example, will terminate some 
third-party services, and Sprint will 
cut DSL operations to some cities. 
And while IBM’s recent dumping of 
its disk drive business may not affect 
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you directly, it under- 
scores that even Big Blue 
is carefully re-evaluating 
its entire product line. 
Adding to the uncer- 
tainty of the long-term 
availability of products 
and services is the con- 
stant drumbeat of corpo- 


those dubious-to-illegal 
accounting practices fu- 
eled by unbridled greed 
— insome corporate suites. 
| It’s not just WorldCom. Xerox and 
| Qwest are also under investigation 
| for accounting missteps. The num- 
| ber of scandals overall is such that 
the government and the judiciary 
have actually been moved to action. 
The stakes for IT are suddenly 


HERE. JOu’RE 
WELCOME TO 
OUR STOCK 





rate “misstated earnings,” 





higher. You need a lot more in your 
corner than blind faith that someone 


| will buy the assets or take over the 
| service if your primary vendor goes 


under. Sure, someone may well snap 
up the cool technology. But the new 
owners might change it. They might 
take it in a new direction. They might 


package it differently. They might 


charge more for it and support it less. 
So you need to prepare. Keep a 


| sharp eye on the balance sheet of 


your strategic vendors. Start asking 
questions and formulating contin- 
gency plans. Work your assumptions 
and expectations about continued 


| service into legally binding docu- 
ments. Scout backup providers for 


critical products and services. 

After all, if vendor executives have 
inflated their companies’ earnings 
and lied to or misled their auditors, 
shareholders and the SEC, can you 
seriously rely on their words of as- 
surance? When times are good, the 
customer is always right. But when 
the chips are down and the creditors 


| or jailers are at the door, you can bet 
| your last angry user that the cus- 


tomer is at the bottom of the list. 
The only one who can ensure and in- 
sure the services you provide your 


| company is you, and you can take 


that to the bank. D 


| that often meant 
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PIMM FOX 


Use VPNs for 
Security and 


Transparency 


RESIDENT BUSH speaks 

about the need for fi- 

nancial transparency: 
the ability to figure out what’s 
going on inside a business. But the 
only way this will happen is for top ex- 
ecutives to create and use IT infra- 
structure to get vital data when it’s 
needed, rather than after regulators 


| and investors have been duped. 


Using IT for a clear picture of busi- 
ness operations isn’t new, but it has ac- 
quired increased urgency, for practical 
reasons in addition to legal ones. 

Last year, 
when William S. 


| Sciortino joined 


Classic Resi- 
dence by Hyatt 
(the senior-liv- 
ing affiliate of 
Chicago-based 
Hyatt Corp.), the 
company was 
chasing a scat- 
tered paper trail 


PiMM FOX is Computer- 
world’s West Coast 
bureau chief. Contact 
him at pimm_fox® 
computerworid.com. 


financial state- 


| ments didn’t get 


closed for 60 days. The company’s 15 
luxury living facilities weren’t con- 
nected to a network (they were using 


| dial-up connections), had no file-shar- 
| ing and relied on faxes, telephone calls 
| and e-mail attachments of information 


such as Excel spreadsheets. 
“It was like running 16 different data- 
bases, and we were manually consoli- 


| dating information at our headquar- 


ters,” says Sciortino. 

It took 10 days for a typical facility to 
develop a financial statement that in- 
cluded occupancy rates, rent collected, 


| food service costs and personnel 
| changes. Bigger facilities took 13 days 


to compile information. It took until 
the 17th day for corporate accountants 
to get a real financial summary. Com- 
piling the results from all locations 
sometimes took as long as 60 days. 
Sciortino wanted to lay down an IT 


| infrastructure and put ERP on top of it. 
| The goal was to streamline the finan- 
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cial process and give what he calls 


i transparency to operations. “I want the 

fi executive chefs to know what the food 

i cost is every day, every week,” said 

hi Sciortino. “And I don’t want them to 
have to sit at the terminal waiting for 


this information.” 

, Sciortino’s IT choice was a VPN us- 
| 

3 

| 

i 





ing appliances from Nokia Corp. pre- 
configured with Check Point Software 
Technologies’ security software. “We 
went the appliance route because we 
are concerned about security, and dial- 
up isn’t reliable enough,” said Sciorti- 
no. He also didn’t want to load a bunch 
of Windows NT servers with Check 
Point software that would require IT 
personnel at each site to administer. 

Now Sciortino drops a team of con- 
sultants into a new location — the 
senior-living market is booming — and 
users are up and running in three to 
five days. “We're able to save time get- 
ting financial information to people 
who need it,” says Sciortino, who be- 
lieves the system will be instrumental 
in quickly integrating new facility ac- 
quisitions. 

Now, if only we had something as 
tangible to produce transparency and 
simplicity for the president's effort to 
curb corporate excess. D 


PAUL DONNELLY 


H-IB Is Just 
Another 
Gov't. Subsidy 


ESPITE big layoffs 

among IT workers and 

post-Sept. 11 concerns 
over the immigration system, 
advocates of H-1B visas aren’t going 
away. Indeed, IT employers are lying 

5 low, hoping to quietly persuade Con- 

gress next year to permanently raise 
the annual H-IB visa limit above 
65,000. And why not? Like most politi- 
cally connected industries, IT employ- 
ers have friends in Washington who 
are arguing to expand what is in truth a 





government subsidy. 

Take the Cato Institute, supposedly a 
small-government, antiregulation, free- 
market advocate, which for 10 years has 
opposed deregulating employment- 
based immigration. Buying green cards 
for new hires is a “tax,” it argues, so 
Cato wants a permanent, massive, over- 
regulated subsidy instead. 

Meanwhile, IT employers explain 









that H-1B holders are a “mi- 
nor league,” in ITAA Presi- 
dent Harris Miller’s words 
— a try-before-you-buy ap- 
proach, like Major League 
Baseball’s farm teams. But 
Nobel economist Milton 
Friedman scoffs at the idea 
of the government stocking 
a farm system for the likes 
of Microsoft and Intel. 
“There is no doubt,” he says, 
“that the [H-1B] program is 
a benefit to their employers, 
enabling them to get work- 
ers at a lower wage, and to that extent, 
it is a subsidy.” 

| From free-market thinker Friedman, 
those are devastating words. The H-1B 
program is a subsidy that distorts the 
job market for IT talent. (But watch for 
hilarious letters from libertarians ex- 
plaining how Friedman, a contributor 
to Free Minds and Free Markets, doesn’t 
know a free lunch when he sees one.) 


Let’s Focus on Bugs 


HE FINDING by the 
National Institute of 
a Standards and Tech- 
nology that software bugs 
cost nearly $60 billion annu- 
ally and that those costs 
could be reduced by $22.5 





billion via the application of 

consistent improvements in 

software testing processes 

shows that it’s time to adjust 

our priorities [QuickLink: 
30997]. With money tight, 

| building ways to recover at 

| least part of that amount is 

more important than contin- 

uing to rush more features | 

into production. Unfortu- 

nately, I don’t see that hap- 

pening. I instead see some 

| large software vendors con- 

tinuing to promote self- 

| serving legislation like UCI- 

| 


TA, which would shift even 
more of that $60 billion onto 
the backs of consumers. 
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should work hard to send 
onerous attempts at cost- 
shifting like UCITA back to 
the drawing board. 

Bruce Barnes 

President, Bold Vision LLC 
Dublin, Ohio 


M NOT an application de- 

veloper, but as the owner 

of a small technology 
consulting firm, I read the 
article “Users Losing Bil- 
lions Due to Bugs” with 
great interest. There’s much 
to be said for eliminating 
bugs from software, and I 
applaud the developers who 
strive to make that happen. 
However, in my career, I 
have seen many things at- 
tributed to buggy software 
that simply are not bugs: 
poorly trained users at- 
tempting to force an applica- 
tion to do something it was 
not designed to do; organiza- 
tions unwilling to pony up | 





Two years ago, I partici- 
pated in a National Acade- 
my of Sciences hearing 
about IT workforce needs. 
After the ostensible liber- 
tarian in the room, former 
Cato economist Steve 
Moore, laid out his case for 
permanently recruiting for- 
eign talent, the panel’s 
economist called his bluff: 
“So, there is no argument 
for a temporary visa, then?” 
Moore did a double take 
before stammering, “Well, 
this is one of those wink-and-a-nod 
programs. Everybody expects most of 
these workers to stay.” 

When the government supplies non- 
U.S. workers to an industry, that’s a 
subsidy. When those workers accept 
minor-league wages, that’s a big sub- 
sidy. When those outsiders want a ben- 
efit that can be supplied only by the 
government, like a green card, even 
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Steven J. Kopischke 


Ichthys LLC 
Green Bay, Wis 


' Stick With ECC Memory 


“Xserve 
Grabs the Spotlight” 
(QuickLink: 30624], you 

quote people saying that the 
use of non-ECC (in this case 
DDR) memory is worth “the 
extra savings and increased 
speed.” This is a dangerous 
statement. When it comes to 
speed, there’s no practical 
difference between the two, 
and many benchmarks con- 
firm this. As for perceived 
savings, on July 1, I found a 

| price of $49.49 for 256MB of 

non-ECC memory, and 

$71.09 for ECC. Memory er- 
| rors that go undetected and 
their later troubleshooting 
cost much more than the 


N YOUR ARTICLE 


| work; hence, it’s a bug. 


| Owner and chief consultant 









2B 


regulations intended to protect U.S. 
workers can skew the labor market 
against citizens. American workers 
won't support a minor league that runs 
against their interests, and winks and 
nods don’t fool them. 

Meanwhile, unions and IT profes- 
sionals risk getting suckered (again) 
into supporting irrelevant training pro- 
grams as a trade-off for H-1Bs. But the 
more that’s loaded onto the H-1B ap- 
proach, the bigger the subsidy gets. 

Let’s face it: IT lobbyists ill serve the 
industry by perpetuating the failed reg- 
ulations of the H-1B and green-card 
programs, which could be replaced 
with a market system that would deliv- 
er green cards as fast as they’re paid 
for. But laying off thousands of U.S. citi- 
zens and green-card holders while re- 
taining “temporary” foreign workers 
adds fuel to a growing anger. So call the 
H-1B visa what it is: a subsidy that runs 
counter to the real interests of both IT 
workers and free-market thinkers. D 






























What's in It for Others? 


r’S NICE TO SEE people 

taking time to volunteer, 

and corporate America 
should encourage it. Howev- 
er, I was disappointed to see 
that for the most part, your 
article focused on the ques- 
tion of “What’s in it for me?” 
[QuickLink: 30638] Volun- 
teer work isn’t really about 
finding a job or improving 
your résumé or increasing 
your financial worth. It’s 
about helping people and 
organizations that do good. 
The rewards should be the 
work itself and the self- 
satisfaction that comes from 
giving. 
Don Greb 
Pittsburgh 
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the dollars it takes to proper- 
ly install and configure 
large-scale applications or 


| Users should not only 
stress improvements in their 
own testing practices, but | 
| also send a clear message to | 
| vendors about the unaccept- 

| ability of shoddy or buggy 

| products. To help facilitate | 


even operating systems; 
companies ignoring manu- 
facturers’ recommendations 
for installation and configu- 
ration. These situations lead 
to users who are unhappy 
with the way applications 


building stronger quality 
protections into their ven- 
dor agreements, users 


difference of $21.60 per 
| 256MB. That’s why non- 

| ECC memory doesn’t be- 
long in a corporate environ- 
| ment. I will keep advising 

| companies I work with not 
to use any machine that uses 
| non-ECC memory. 

| Zoran Cvijetic 

| San Pedro, Calif 
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i NEW 48 Port PowerConnect Switches. 


Dell | Managed Switches 
PowerConnect™ 3024* Switch PowerConnect™ 5012* Switch 


Scalable, High-Performance Managed Switches High-Performance All-Gigabit Managed Switches 


Managed switches you can 
count on to do more than just save money. Just what you'd expect from Del! 
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TECHNOLOGY 


NICHOLAS PETRELEY 


Nay 


LAYING FOUNDATIONS 
FOR WEB SERVICES 


Building Web services on a firm 
foundation requires a service- 
oriented architecture, clean XML 
data and well-defined business 
processes. PAGE 30 


PORTAL T 
INTEGRATION 


Johnson Controls’ 
John Waraniak 
(left) uses a collab- 
oration exchange 
through the com- 
pany’s corporate 
portal to integrate applications 
from outside suppliers. PAGE 32 


PGP UNCERTAINTY 


Pretty Good Privacy, which gained 
cult status in the early 90s as the 
first almost-uncrackable freeware 
encryption program, may fade 
from use because the software’s 
vendor decided to pull the plug on 
it earlier this year. PAGE 33 


FUTURE WATCH 


Computer scientists are increas- 
ingly looking to biology for ideas. 
Some are inventing ways to com- 
pute using a method that looks a 
lot like evolution. PAGE 34 


QUICKSTUDY 


Unified messaging is the term for a 
system for accessing e-mail, voice 
and fax messages through a single 
common interface. PAGE 35 

A continuing staff shortage has 
Mathias Thurman fine-tuning the 
intrusion-detection system to re- 
duce false alarms — and his work- 
load. PAGE 36 





Free Porn Solution 


O, THIS IS NOT AN OFFER for a complimentary aphrodisiac 
drink. But now that I have your attention, I’d like to recom- 
mend a cheap and easy way to block unwanted and danger- 


ous Internet content. 


By now, almost everyone realizes that when you give your 
users access to porn sites, software downloads, and other Internet tempta- 


tions, it can cost you more than lost productivity. I 
don’t know of any solution that offers perfect protec- 
tion, but there are many free software packages that 
will get you within spitting distance. 

Here’s the combination I typically recommend. 
Start with Linux, add IP Tables (www.iptables.org) 
firewall rules with the help of the IP Tables configu- 
ration tool gShield (http://muse.linuxmafia.org 
gshield.html). Then mix in a Web proxy and cache 
called Squid (www.squid-cache.org) with the filtering 
proxy DansGuardian. You can block viruses, Trojan 
horses and other potentially dangerous e-mails with 
Anomy (mailtools.anomy.net). Add SpamAssassin to 
kill off that last bit of unwanted content. 

You can configure these Linux-based Internet gate- 
ways as your firewalls or just put them behind your 
current firewalls. The Squid proxy server adds a level 
of protection by letting users browse the Web with- 
out giving them direct access to the Internet, but 
that’s not why I recommend it. We’re after its perfor- 
mance-enhancing Web cache. 

The Squid cache is especially useful if you have 
multiple pipes to the Internet, such as a Tl, a T3 and 
a satellite, because multiple Squid caching servers 
can cooperate with one another. You can set up your 
Squid caches so that if your T1 line goes down, the 
proxy for that line will automatically redirect re- 
quests to one of the other proxies, such as the one 
connected to the T3. It may seem redundant to daisy 
chain DansGuardian into this mix, since 
DansGuardian is also a proxy. But Dans- 
Guardian adds intelligent content filtering 
that the Squid cache lacks, and you get this 
feature at very little performance cost in 
added latency. 

The pearl in DansGuardian is that it ex- 
amines everything that passes through the 
proxy, not just URLs. You can define cus- 
tom search expressions that check for 
combinations of words within a Web page, 
and DansGuardian wil! block any pages 
with matching content. If you choose your 
search expressions carefully, you can mini- 
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mize false positives. That way, your users won't be 
able to reach porn sites, but they'll still be able to 
read about cockatiels or pussywillows. You can also 
use DansGuardian to block URLs based on search ex- 
pressions, filter sites by IP addresses, and stop down- 
loads of files matched by Multipurpose Internet Mail 
Extension type or file extension. If you’re really para- 
noid, just block all compressed files and executables, 
and that will bring all downloading of unapproved 
content to a screeching halt. If that presents a prob- 
lem for your most trusted users, you can set up Dans- 
Guardian to let only those users through. 

The last challenge is to prevent anyone from by- 
passing these safeguards. 

First, configure Squid to reject all client IP address- 
es except its own so only DansGuardian will have 
permission to access the Squid cache. Then config- 
ure DansGuardian to require password authentica- 
tion, or configure your Linux gateway as a transpar- 
ent proxy. The latter technique makes individual user 
authentication impossible, but it automatically forces 
all outgoing Web requests to pass through Dans- 
Guardian. The added benefit is that you don’t have to 
configure anyone’s browser to access the proxy. 

Depending on how you configure your firewall, 
you may also have to use IP Tables to prevent users 
from accessing a proxy outside your firewall. IP 
Tables can be difficult to grasp, but this is where 
gShield comes to the rescue. There’s nothing fancy 
about gShield, but once you learn it, you'll 
be able to set up any new Linux firewall 
in minutes. 

The Anomy e-mail filter can use exter 
nal virus checkers to disinfect incoming 
attachments. But if all you need to do is 
make your mail safe for clients like Micro- 
soft Outiook, Anomy sanitizes even the 
subtle e-mail exploits. Finally, SpamAssas- 
sin catches a phenomenal 99% of spam for 
my domains. I personally use it with the 
commercial mail server CommuniGate 
Pro (www.stalker.com), but it works with 
just about any e-mail server. D 
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The USA PATRIOT Act now and an array of adapters (F.I.X., SWIFT, Flat 
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presents everyone with investments you've already made. We Files, database, CICS, and others) for accessing 
an enormous information make our solution work for your people. and presenting demographic and transaction 
integration challenge. The information from your core systems. 
experts agree that manual Having tuned our PATRIOTcompliance 
review processes for your Solution to your environment, we implement, BPI Suite is a comprehensive set of tools to 
customers and their financial rigorously test (to the very exacting standards enable you to rapidly build, manage, monitor 
transactions will no longer we developed to earn ISO 9001/TickIT and improve complex business processes. It 
suffice. Non-compliance is Certification) and deploy the solution. also speeds the development of Web services, 
not an option. The only question 
facing you is: who should you engage as acne ce an ee wae re ern eect EN mg 
our partner in implementing a solution? f : 
: nn seaoi ( SYBASE PATRIOTcompliance SOLUTION \ 
» i 
THE SYBASE APPROACH ‘ , ; 
Our approach leverages the knowledge and F P ; , 
capabilities we've developed over nearly 20 ee i. oo alle a ‘oot 
years of managing information, application . ' : . eee 
and process integration. 
The Sybase PATRIOTcompliance Solution ss 
helps you satisfy the integration requirements Pati 
of the USA PATRIOT Act by implementing a ape 
] totally automated process for filtering your j Candy 
customers, employees and suppliers against —— 
known suspects, and for continuously Nan os] 
; monitoring their activities. Our solution : 
} is operationally unobtrusive, secure and 
| cost-effective. SYBASE SOLUTION COMPONENTS 
I THE FIRST STEP 
} 
j Ee tual 
t ; ; 3 : DEG T 5 2 teas ito ir ee . 
Our first step is a Business Requirements Pfeblerien “idea dau roaiiiaahaens fea TPT ts oe Cy Cas | seg 


Assessment that helps determine your 


organization's unique needs, LENDING AND CREDIT ™ 


| We work with you to understand your front 
and back office infrastructure. We embrace 
| the technologies and product standardization 
of your environment. We extend the Anti- 
Simultaneously, we are training your key so you can quickly connect applications to 
. users and administrators. So when our work other agencies or other financial institutions. 
is done, yours can go on. 
The Software Get a complete solution that doesn't require 
Integration Company IN THE END IT LOOKS LIKE THIS you to start from scratch. We have the 
tools and skills to have you in compliance 
We can help you integrate all the Every solution will obviously be unique. before October. And who could have an 
disparate data and business applications But typically, you'll find a secure front-end issue with that? 
running in your enterprise and extend employing the Sybase Enterprise Portal, with 
them to any location in the world: pre-built capabilities for list, filter and rules We can help you get started right away at 
platforms, application servers, management, searches across applications www.sybase.com/integrationsolutions. 
components, databases, applications, i and data stores, internal and external 
. processes, integration brokers, even communications, management of the 


mobile/wireless solutions. By choosing 
Sybase, you can preserve and extend 
your existing infrastructure investments, 
avoid proprietary traps, and improve 
efficiency across the enterprise. 


investigation process, maintenance of 
search and investigation histories and, 
of course, reporting and presentations 


if — 
SYBASE 
lying everything together is the Sybase = AS E 


Business Process Integrator (BPI) Suite Information Anywhere 





The USA PATRIOT Act contains strong measures to prevent, detect and prosecute terrorism and international money laundering, greatly expanding the breadth 
and depth of the old laws. Broadly stated, the act requires that financial institutions know their customers and, to the greatest extent possible, their customers’ 
customers. Compliance for bankers and securities dealers is required by October 2002. Non-compliance couid involve costly civil and criminel penalties. 
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BETTER WHEN EVERYTHING WORKS TOGETHER. 





ERVICE-ORIENTED architectures 
hold out the promise of reinvent- 
ing IT as we know it, according to 
proponents of Web services. 

With Web services standards 
such as Simple Object Access Pro- 
tocol (SOAP) for messaging and 
Web Services Description Langu- 
age (WSDL) to identify the content 

of a SOAP message, users are dreaming up ways to un- 
lock information formerly trapped in legacy systems 
and share it across their entire IT infrastructures. 

Presentation, data and applications will be separat- 
ed into easy-to-distribute, easy-to-recombine objects, 
allowing companies to break free of many of the ap- 
plication development restraints they struggled with 
in the past. 

Yet the service-oriented model comes with a 
daunting challenge. Namely, if Web services are 
going to change how information is passed and 
processed in back-end systems, then back-end sys- 
tems will have to change as well. 

Companies such as New York-based insurance firm 
American International Group Inc. (AIG) and British 
agricultural giant Associated British Nutrition & Agri- 
products (ABNA) have undertaken projects they be- 
lieve will make them Web services-ready in the future. 


Needed: Real-time Data 

At AIG, Bob Garzotto, chief technology officer for 
the company’s financial services division, has been 
overseeing the creation of a next-generation data 
warehouse that uses SOAP as a transport envelope. 
Garzotto says the real-time nature of the applications | 
that will take advantage of Web services requires that | 
they have accurate, real-time data. 

AIG tapped Ascential Software Corp. in Westboro, 
Mass., to create an enterprise data collection model 
that transforms all data into easily digestible chunks 
of XML and connects multiple targets and sources 
rather than working in a point-to-point fashion. 

Using IBM’s MQSeries messaging middleware, 
data from AIG’s source systems will feed into Ascen- 
tial’s extract, transform and load (ETL) engine. The 
files will then be validated, cleansed and compared to 
previously cached files for consistency. The ETL en- 
gine will then generate a flat XML version of the data. 

Afterward, the data will be converted to conform 
to the International Standards Organization’s ISO 
15022 XML standard so AiG can exchange it with 
other financial services companies. 

“Initially, it’s going to take some time to build out — | 
the instrument coverage and the messaging struc- 
ture, but the data will be in a form that any of our 
users can work with,” Garzotto says. “It will allow us 
eventually to imbed this information into a Web ser- 
vices application.” 

The project started in April, with the first pilot de- 
ployment scheduled for September. Garzotto esti- 
mates that it will take two to three years to imple- 
ment the system inside all of AIG’s business units. 

Just as AIG plans to enable its Web services devel- 
opment with a uniform data model, ABNA intends to 
do the same with a uniform messaging model. 

In April, ABNA rolled out a uniform messaging 
system from Sonic Software Corp. in Bedford, Mass. 
Mysia Benford, IT director at ABNA, says the system 


| 
| 





A service-oriented architecture, clean 


TECHNOLOGY 


will allow the company to get away from Electronic 
Data Interchange messaging with its trading part- 
ners. With the new system, XML messages received 
from an outside source will be disseminated within 
ABNA. The company had been using a Microsoft 
BizTalk-based trading hub. 

“We wanted to untie our messaging from any par- 
ticular application vendor,” says Benford. “If you’re 
working application-to-application, it requires the 
applications to handle assurance and security. It 
shouldn't be there; it should be in the messaging lay- 
er.” Now the SonicXQ enterprise service bus will han- 
dle the message delivery and secure transport, leaving 
the applications to perform their primary functions. 

Gartner Inc. analyst Daryl Plummer says that in a 
service-oriented architecture, applications need to be 
separated from presentation and delivery. “It’s about 
allowing a developer to get things done without hav- 
ing to get into the complexity of it all,” he says. 

The ultimate goal of Web services is to crumble 
the IT silos in a given company, and some companies 
are moving steadily toward that goal. 
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Erik Sargent, a Web applications architect at Prov- 
idence Health System, a $3.2 billion hospital consor- 
tium in Seattle, has been busily constructing a ser- 
vice-oriented architecture this year. Using a Web 
services management tool from Redwood City, Calif.- 
based Infravio Inc., Sargent’s development teams 
have been able to link a user profile management 
application written using Java servlets with a Web 
page and credit card service written using Microsoft 
Corp.’s .Net framework. 

“Basically, you replace database calls with Web 
services calls,” he says. 

Providence is currently using the tool for its events 
registration. If an event requires credit card payment, 
the Infravio tool grabs that payment information, 
wraps it in WSDL and sends it in a SOAP envelope to 
the credit card service and profile manager database. 
Since each action exists as a distributable chunk 
of data, that information will also be sent to Provi- 
dence’s accounting division. 

“The key is to get something in the middle to or- 
chestrate everything,” Sargent says. “The problem 
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we were having was that Microsoft really didn’t do 
anything about the Java, and the Java vendors didn’t 
really do anything about the Microsoft platform.” 

According to Sargent, SOAP/WSDL objects enable 
the Microsoft and Java applications to share informa- 
tion. Without asking developers to change a line of 
code, the breadth of those applications has been dra- 
matically increased. 

But Providence is far from done. Sargent says the 
ability to swap data between disparate back-end sys- 
tems will play a significant role in the hospital con- 
sortium’s efforts to comply with Health Insurance 
Portability and Accountability Act regulations. 

“We'll need to be able to show who looked at a 
record, when and why,” Sargent says. “Using a Web 
services model, we'll be able to keep those records 
constantly updated.” To do that, Providence will 
need to unlock a legacy Cobol-based administration 
system called Mumps that runs on Unix. 

“It doesn’t talk to anything,” Sargent says. 

He says Web services will be used as a distribution 
method for information headed in and out of the 
Munpps system. 

Common Object Request Broker Architecture 
(CORBA) objects will be used to pull data out of 
Mumps. The CORBA objects will then be fed into a 
Java application that will provide business rules 
around that data. At that point, the Infravio manager 
will transform the objects into SOAP objects for wide- 
spread distribution. 


Barriers Come Down 

Toby Redshaw, CTO at wireless device and chip 
manufacturer Motorola Inc. in Schaumburg, Ill., says 
his company is also forging ahead with a service- 
oriented architecture model. “It gives us a chance to 
dig into the guts of manufacturing processes,” he says. 
“Barriers we've had forever are going to come down.” 

Motorola has turned to its enterprise application 
integration vendor, webMethods Inc. in Fairfax, Va., 
to help wrap manufacturing information in SOAP 
objects that can then be distributed to other divi- 
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Routing Legacy Data to Web Services at Providence 


Providence Health System has a legacy Cobol system that contains the primary 


administrative and medical records for its member 


hospitals. Due to perdhng Widone Rapes wine of Sat wlannateluneie 17 bacenpisent eceat tien, 
Here's how Providence intends to tackle the problem: 


CORBA objects 
Designed to pull datas 
from system 


Java business rules 
Govern the use of 
thatdata . 


sions using webMethods’ integration broker. 

Redshaw stressed the need to create a model for 
what the enterprise architecture will look like before 
Web services development begins. He also says that 
as Web services make data and applications easier to 
distribute, companies will need to beef up their mon- 
itoring capabilities. 

“You have to have application and hardware visi- 
bility across your entire network,” Redshaw says. 

That kind of accessibility is particularly critical for 
systems at the heart of the enterprise. The Denver- 
based trust services division of Fiserv Inc. relies on 
two Unix servers for much of the financial tracking 
and tax reporting it performs as a back-office opera- 
tions provider to financial institutions. 

Both Unix servers run trust accounting software 
from SunGard Data Systems Inc. in Wayne, Pa. Greg 
Bakke, Fiserv’s director of systems development, says 
unlocking the servers was crucial to creating a ser- 
vice-oriented architecture. 

Bakke found his key in the form of screen-scraping. 
Using tools from SilverStream Software Inc. in Biller- 
ica, Mass., Bakke’s staff has been able to pull informa- 
tion from the fields on the green-screen terminals 
that interface with the SunGard system. It’s then 
transformed into XML data objects that are fed to the 
SilverStream Java application server Fiserv uses. 

You have to script that entire function and create 
the workflow, but it’s a way to get components that I 
can then wrap in Web services,” Bakke says. 

He chose screen-scraping for the job because there 
didn’t seem to be an easy programmatic way to un- 
lock the system. 

“We’re very much defining the infrastructure we 
need for a service-oriented architecture,” Bakke says. 
“Every new product we buy now, we look to see if 
there’s a way of exposing things as Web services so 
that we can reuse them.” 

Plummer agrees that users will need to think 
through how their systems wil! consume and process 
Web services to make the technology work to its 
maximum benefit. Although some people loosely 
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define Web services as any business service using 
Internet transport or XML data, Plummer recom- 
mends that users demand more. 

“If anybody has a Web services tool and it does not 
use SOAP, WSDL or UDDI, kick them to the curb,” 
he says. “That’s not a true Web services tool.” D 
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secure Web services 


Building the Basics 


= Concentrate on application integration rather 
than collaborative efforts with trading partners. 
A company that has streamlined its own processes will 
likely find it easier to collaborate with others in the future. 


® Approach Web services security i ina systematic 
fashion. Pay pariicular attention to identity management. 


@ Choose a companywide XML data standard and 
stick with it. Quality data will be a key in building a 
service-oriented architecture. 


& Don’t assume you have the bandwidth to 
support a service-oriented architecture. Monitor 
your network and systems to make sure Web services 
don't create new bottlenecks or prohibitively slow the 
speed at which you do business. 


® Tactical projects need to fit into a bigger 
picture. Avoid building new stovepipes. 

@ Vendor responsibilities likely will change with 
the advent of Web services. Make sure you 
understand those changes and build them into the 
performance clauses of your contracts. 


® Avoid complicated workflow routines reliant 
upon Web services, because the tools to properly 
orchestrate those routines haven't yet been built. 
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world’s major automakers each year. 
Waraniak says product ideas must be 
analyzed in the early design stages by 
those most affected to avoid costly mis- JOHNSON 
takes. Fixing a problem during engi- CONTROLS INC 
neering design, for example, costs one- . 
tenth of what it would cost once a prod- 
uct reaches the prototype stage. If the 
product reaches the field, the cost can 
easily top 1,000 times what it would and services to control heating, 
have taken to correct the problem on ventilating, air conditioning 
the assembly line. Waraniak says the lighting, security and fire 
collaboration work at JCI has saved the management in buildings 


company a whopping 80% on research | MB eens 
and development investments. 






Business: Supplies seating, 
interiors and batteries for cars 
and trucks as well as systems 


Subsidiaries: More than 80 
How the Technology Works worldwide 


“Sixty percent of our workisengi- | M0" foes eee ee 
. ; | www.johnsoncontrols.com 
neer-to-order. We conceive and then we : 
build,” he says. “That means we depend | 
on tribal knowledge for insight into the 
product and the process for making it.” 
Throw in a multitiered supply chain | to gauge when they will need to supply 














with countless suppliers, and that trib- | parts to JCI’s manufacturing floor. “We 
“COLLABORATION CONNECTS blue sky with solid ground,” according to John Waraniak, al knowledge wouldn't be possible | want to provide visibility all through 
executive director of e-speed at Johnson Controls Inc. in Milwaukee. | without automation, including the in- our supply chain,” Waraniak says. 

———— of key applications as part of Few companies achieve the kind of 





the collaboration process, Waraniak visibility JCI does, says Kevin Prouty, 
says. That’s why the company was an an analyst at AMR Research Inc. in 
early proponent of the automotive in- Boston. And it’s paying dividends. “It’s 
dustry’s Covisint business-to-business | one of the few larger automotive sup- 
online exchange. It’s also why JCI be- pliers [that has] grown margins during 
gan work on its own “business place” these down times,” he says. 

| in January last year using technology | However, Prouty says he doesn’t be- 

| from MatrixOne Inc. in Westford, | lieve MatrixOne will solve all of JCI’s 

| Mass. This private exchange acts as a future integration problems. “Just 

| portal that masks integration hassles when you think that you’ve built the 

| by preselecting applications that work last adapter you'll ever need, you ac- 
with those in use on the exchange. quire a new company with a different 


Outside suppliers that access JCI’s legacy ERP system,” he says. 


exchange run a version of MatrixOne’s | z 
software on their sites. The software | What It Delivers 
| has extensions to the tools thatasup- | For Waraniak, the progress is tangi- 
| plier might use. For example, a suppli- ble. Collaboration on 2003 and 2004 
| ercan use computer-aided design and | model-year automobiles has yielded 
| manufacturing data on the JCI ex- | gains in efficiency. He says engineers 


| change in the application it knows have used collaborative online design 
Johnson C OT itrols has cut product costs | oe : eepstenem: sesame to a by — in — 
| AutoDesk Inc.’s AutoCAD software | “core products portfolio,” primarily by 
by $2( ) million W ith a collaboration portal | with Catera 5, while still benefiting ; 4 
that integrates supplier applications. | [Svusteresrsoheae Metnones | 








reducing the number of discrete parts 
in each cockpit component. 
use different software. MatrixOne’s 


Collaboration cuts time out of com- 


















| 
By Mar r | {all | software, which runs on each collabo- | ponent design, Waraniak says. What 
| rator’s location, takes care of the differ-_| once took days as overnight express 
OLLABORATE OR DIE. That’s the “Collaboration connects blue sky | ences between users’ applications. | packages went back and forth takes “a 
unspoken motto at Johnson | with solid ground,” says John Waraniak, | Beyond engineering design, JCI is | few hours on the Web,” he says, which 
Controls Inc. | executive director of e-speed at the | using MatrixOne for its manufacturing | is critical when there are as many as 
It permeates nearly every- | Milwaukee manufacturer. The automo- | supply chain, where users inside and _|_ 5,000 distinct parts in a vehicle. 
thing from product de- tive division where he works de- | outside of JCI don’t have to concern | Engineers also save time using the 


themselves with the source of, say, 
enterprise resource planning (ERP) 
information sent from a J.D. Edwards 


| 
sign to delivery within CASE livered $13.6 billion of JCI’s $18.4 
the company’s automotive sup- billion in revenue last year and | 
ply division. So it comes as no sy is a Tier 1 supplier of car and | feedback on ongoing work. “Typically, 
surprise that Johnson Controls truck cockpits, which include | application to an SAP program. For ex- | engineers spend half their time engi- 
(JCD is well along in an application in- | the dashboard, seats and other interior | ample, JCI builds the cockpit for the | neering and the rest of the time they 
tegration project that has turned col- parts. JCI builds almost half of the | Jeep Liberty using 35 suppliers, all of | are looking for information,” Waraniak 
| | 


exchange by sharing drawings, revising 
calculations and exchanging critical 







laboration into something far more cockpits used in the approximately 50 which can work with data from one an- | says. “With the exchange, it’s all 


| 
| 
| 
than a motto. | million vehicles manufactured by the other’s various inventory applications 


brought together for them.” D 
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The standard for Web encryption programs 
is being abandoned by its vendor, leaving 
plenty of questions and problems for users. 
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their PGP. And there’s not going to be any update 
from Network Associates to patch PGP.” 

Because of PGP’s history as free software, the 
number of companies that have installed it is un- 
known. But large organizations such as Lockheed 
Martin Corp. use PGP on a limited basis for critical 


| communications and file encryption, according to a 


spokesperson at the Bethesda, Md.-based company. 
And PGP is also being used in a lot of Web site 
scripting, says Adam Back, a security consultant in 
Montreal who has used PGP for eight years. 

German businesses are big users of PGP, according 
to Werner Koch, lead developer of GNU Privacy 
Guard (GNUPG) in Dusseldorf, Germany. Many of 
those PGP installations in Germany 
are being replaced with GNUPG, for . a 
which Koch’s small business will 
make its money from support fees. 
The code and concept of GNUPG is 
closely related to that of PGP. 

“In the past year, a lot of compa- 
nies have installed PGP for their 
e-mail encryption because of de- 
mands from their suppliers to en- 


ra 
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crypt business-to-business commu- 


BY DEBORAH RADCLIFF 


AD THINGS DO HAPPEN TO GOOD 
code. So learned Phil Zimmermann, 


author of Pretty Good Privacy (PGP), 


which in the early 1990s became the 

de facto standard for cryptology de- 

velopment on the Internet, accord- 
ing to analysts and user groups. 

While working with human rights advocates in 
1991, Zimmermann released his powerful en- 
cryption, signing and authentication free- 
ware, which did away with the need for 
third-party key authorities to issue and man- 
age the keys that lock and unlock data. 

In fact, the mathematical encryption algorithm 
was so good that Zimmermann nearly went to jail 
after one of his associates posted the algorithm’s 
source code on the Web and it caught the attention 
of the U.S. Customs Service. The federal government 
wasn’t happy that such a powerful secrecy tool had 
become available to anyone who wanted it and had 
the technical skills to use the complex program. It 
took a three-year legal battle before Zimmermann 


PGP is based on the public-key encryption method, which uses 
two keys: One is a public key that the user disseminates to anyone 
from whom he wants to receive a message; the oiher is a private 
key used to decrypt received messages. It's almost impossible to 
deduce the private key, even if you know the public key. But a diffi- 
Culty with public-key systems is that you need to know the recipi- 


| Traffic in Arms Regulations for exporting munitions. | 
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| pulled support for the product. 


was eventually cleared of violating the International 
Two years ago, after an unsuccessful attempt to 
make money on PGP on his own, Zimmermann sold 
PGP to Network Associates Inc. (NAI) in Santa 
Clara, Calif. NAI tried to integrate and market PGP 


| as part of an all-in-one firewall, virtual private net- 


work and peer-to-peer encryption appliance but was 
unable to sell the product, says Ryan McGee, 
group product manager at McAfee Security, a 
division of NAI. Nor could the company find 
another vendor to buy PGP. So in February, it 


“As Network Associates drops PGP, it drops the 


| ease of use and high level of integration PGP achieved | 


in the desktop computing environment,” says Julian | 
Koh, a network engineer at Northwestern University 
in Evanston, Ill, who uses PGP for file and mail en- 
cryption inside Northwestern’s network. “They’ve 

also dropped support for that product. So if some- 


| one’s using the latest version of PGP on XP and they 


install a Microsoft service pack for XP, it could break | 


ent's public key to encrypt a message for him. 
Public-key cryptography is also called asymmetric encryption 
because it uses two keys instead of one (symmetric encryption). 
Encrypting a message using PGP requires the PGP encryption 
package, which is available for free. The official repository is at MIT. 
~ Deborah Radcliff 


| architect at a technol- 
| ogy company in the 


nications,” Koch says. “Now those companies have 
real problems, because there are no more patches 


| and updates for the product. So some of these com- 


panies are removing their PGP software and asking 
if we can support GNUPG for them.” 

GNUPG is the first and strongest new form of PGP 
to step into the void left by NAI. GNUPG is working 
on a less complex interface, and installing its program 
is no more difficult than downloading any software, 
says Gary Kessler, a cryptography instructor at the 
SANS Institute in Bethesda, Md., and assistant pro- 
fessor of computer networking at Champlain College 
in Burlington, Vt., which houses a PGP key server. 

PGP proponents also say that more variants will 
emerge from the open PGP standard. PGP remains 
attractive because prominent alternatives such as 


| Secure Multipurpose Mail Extensions require third- 


party authorities to issue encryption keys, they say. 
More PGP development “would make a profit 
motive for a company to step in and offer commer- 


| cial support contracts for PGP,” Kessler says. “For 
| example, Eudora, which already has plug-ins for PGP, 
| and HushMail, which supports PGP in its latest ver- 


sion, could start to offer support.” 

Kessler uses PGP by pushing a button on his Eudo- 
ra e-mail program. But he can’t send PGP-encrypted 
e-mail to many of his associates, because they don’t 
have plug-ins for their e-mail programs. More PGP 
plug-ins to popular e-mail applications and services 
would introduce millions of users to PGP, which 
would also promote commercial support, Kessler says. 

Will new open-source developments move fast 
enough to encourage commercial support for end 
users of PGP? “I’m sworn to secrecy, but I person- 
ally know people working on this problem, and I’m 
sure the void will be filled in six months,” says Jon 
Callas, senior systems 


PRETTY GOOD RUN 


| For more on the history of PGP and 

| some useful tinks, see our Web site 

} QuickLink: 31394 
www.computerworld.com 


San Francisco Bay 
area and a former 
PGP developer. B 
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Employer: : 

~~ Santa Fe 
Institute, a New Mexico 
think tank specializing 
in emerging science 


Research interests: 
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Melanie Mitchell says computer scien- 
tists and biologists can learn a lot from 
each other. She’s studying how natural 
systems perform computation, and she’s 
using her findings to develop 
new kinds of computational 
methods. Mitchell recently told 
Computerworld’s Gary H. 
Anthes how we can solve some 
complex problems by letting sys- 
tems evolve solutions through a process 
of natural selection. 


Is evolutionary computing beginning to 
move out of the academic realm? This 
whole field has really exploded recent- 
ly. More and more people are using 


FUTURE 
WATC 


| evolutionary methods to do real-world 


applications. Examples are factory job 
| scheduling, supply chain optimization 
and automatic design of things like 
circuits. 


What's driving this? People have 

learned how to exploit these methods 
| better, and more and more people are 
getting interested in biologically in- 
spired methods in computer science. 
And we have the kind of computer 
power to really use these algorithms 
on a much larger scale. They are very 
computationally intensive, and a lot 
of people are now looking at genetic 
algorithms implemented on a parallel 
| computer or some large network of 
computers. 





Is anything holding back even wider use 

| of evolutionary computing? People don’t 
| understand very well what character- 

| izes problems that evolutionary meth- 
| ods work well on. That’s an open prob- 
| lem. There’s some intuition, but no 
real formal analysis. 


| Nevertheless, what can you say about 

| why this method is sometimes so effec- 

| tive? More and more people in the 
field of artificial intelligence 
are finding that if you want to 
create very complex comput- 
ing systems that act intelli- 
gently or in lifelike ways, 
iat that’s very difficult to engi- 
neer by hand. You have to let systems 
learn on their own. Evolutionary com- 
| puting is one kind of machine learning; 
} neural networks is another. 


| You're doing research in co-evolutionary 
| computing. How does that differ from 





| evolutionary computing? In machine 


learning, the traditional way you get a 


| system to do what you want is you 
| come up with a fixed set of training ex- 


amples — examples of the problem it’s 


| going to be faced with. Then you try 


the system out on the training exam- 
ples, and if it gets the right answer, it 
gets credit, and if it gets the wrong an- 
swer, it gets punished. 

But in co-evolution, you actually 


| evolve the training examples, and they 


evolve to be increasingly challenging. 
So you try to evolve test cases; you are 
generating them dynamically. Manu- 
facturing systems could lend them- 
selves to this, because you might try to 
evolve situations that would break 


| them because you are trying to make 


them as robust as possible. 


Will computer scientists continue to 
learn lessons from biologists? Yes. 
Learning how biological systems 
process information will eventually 
lead to new kinds of computing sys- 
tems. One of the problems in computer 


| science right now is that the standard 
| design for computing is very unlifelike. 


Living systems have many relatively 
simple components, and each compo- 
nent does some simple thing, but col- 


Imagine a very complex prob- 

lem - supply chain optimiza- 

tion, for example - in which a 

computer generates millions of 

trial solutions completely at 

random and then picks the one 
with the lowest cost. Such a trial-and-error 
approach isn't practical with big problems 
because there are just too many combinations 
of variables to try even a small fraction of them. 

However, that’s essentially what evolutionary 

computing does - but with one maior differ- 
ence. It converges on an answer by breeding 
better and better solutions from the most 
promising parents in each generation of trials. 
Here's Melanie Mitchell's explanation 
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ONLINE RESOURCES 


@ Melanie Mitchell’s home page: 


| www.santafe.edu/-mm 


@ Evolving Cellular Automata group home page: 
www.santafe.edu/-evca 


e apers about evolutionary computing: 
www.santafe.edu/~mm/paper-abstracts.html 


@ The Genetic Algorithms Archive: 
www.aic.nri.navy.mil/galist/ 





lectively, the whole network of compo- 


| nents computes very complicated 


things. That has a lot of advantages, 


) such as it can be much faster and more 
robust. 


Can you give an example of such a 
system? Scientists are understanding 
more and more about how the immune 
system is really an information, and 

in some ways a cognitive, system. So 

in computer security, you might do 
immune-system-like computation. 


Can biologists learn from computer 
scientists as well? Absolutely. It cuts 
both ways. Computer scientists are 
thinking about information-processing 
in machines, and sometimes that gives 
rise to new ideas in biology. Computer 
science and biology are intimately 
connected. D 


SRA aH GE LS RS ae PORE ETC 
_ Evolution via Genetic Algorithms 


“Evolutionary algorithms start out with a ran- 
domly generated population of from 50 to 500 
candidate solutions. At each time step, or gen- 
eration, all the individuals are evaluated and as- 
signed a number, called fitness. It's a measure 
of how good a solution it is. Then some per- 
centage, usually between 20% and 80%, of 
the highest-fitness individuals get to reproduce. 

“They reproduce two ways: by cross-over, 
where you take one part of one individual and 
some part of another individual and combine 
them; and by mutation, where you randomly 
change parts of an individual. The offspring are 
put into the next generation, and the whole 
process starts again.” 

- Gary H. Anthes 


Generation 1 


Generation 2 


Generation 3 
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All Messages 


‘lime. 
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Unified messaging is the term for a sy$tem that 
provides access to e-mail, voice and fax messages 
through a single common interface, usually an 
e-mail client application. 


BY JAMES COPE 
LTHOUGH differ- 
ent ways of com- 
municating 
might help 
today’s mo- 
bile workers stay in 
touch with business 
associates and family, 
having too many com- 
munications options can frus- 
trate workers and diminish 
productivity. A simple but per- 
vasive example is the use of 
two voice mail systems, one 
for the office and one for a 
mobile phone. 

Add to this the incessant 
flow of paper documents from 
printers and fax machines, and 
it’s no wonder that many in- 
formation workers sense 
they’ve become victims of 
their technologies. 

Part of the answer to the 


AT A GLANCE 


Voice, fax and e-mail 
are placed in the enterprise 
Cauca mi css(t om 


em Cera =).4 
systems are still in use in 
conjunction with data net- 
Pm em ess: t i 1c 
stored in the PBX system 
and then duplicated in the 
Gem cecs (0 ee 
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All messages, be they 
voice, fax or e-mail text, 
are routed to a recipient's 
e-mail in-box. 


vexing issue of managing mul- 


tiple message delivery systems 





is routing messages, no matter 
what type, to the user’s e-mail 
in-box. To do that, uni- 
fied messaging vendors 
such as Avaya Inc. in 
Basking Ridge, N,J., Nor- 
tel Networks Ltd. in 
Brampton, Ontario, and 
Cisco Systems Inc. route mes- 
sage data to an e-mail server — 
Microsoft Exchange or Lotus 
Notes, for example — which 


How It Works 


MESSAGES 
COMEIN VIA... 


on your 
own 
private 
number 


on your 
own private 
number 


forwards the data to the user’s 


| e-mail client application. 


In order to accommodate 


| voice messages, the unified 
| messaging vendor’s system 
| converts them to digital files 


that can be stored on a mail 
server or a user’s hard drive 
like any other data file. Simi- 
larly, incoming faxes are col- 
lected by a fax server, convert- 
ed to image files and sent on 


| to the mail server. The mail 
| server subsequently routes 


ei 
UNIFIED 
MESSAGING 


YOU COLLECT 
THEM FROM... 


via e-mail 
text-to- 
speech, fax 
or voice mail 


of text 
messages 


via www. 
message 
collect.com 


using 
any external 
e-mail address 


ACCOUNT 


on your 
own 
private 
number 


from your 
unified 
messaging 
system 
address and 
from your 
existing 
address 


via e-mail 
application 


or hand 
held organizer 


notifica- 
tions and full 
messages 


_ All the 


voice and fax messages to the 
user’s e-mail application, such 
as Microsoft Outlook or the 
Lotus Notes client application. 
Assuming the user has au- 
dio drivers and a speaker or 
headphones, he can simply 
click the attachment to play 
the voice mail audio file. He 
can also click an attachment to 


| review a fax on screen using 


his image-viewing application. 


| Behind the Scenes 


While the technology in- 


| volved in unified messaging 


seems to beg for an all-IP ap- 
proach instead of a separate 


| private branch exchange 


(PBX) system for voice and an 


| IP network for data, the reality 


is that most large companies 


| still have PBX voice messag- 


ing systems that work just 
fine. And most companies 


| aren’t willing to replace some- 
| thing that works just fine. 


Thus, network equipment 
vendors have been bridging 


| the gap between traditional 


PBX corporate phone systems 


| and existing data networks. 
| The idea is to show voice 


messages in a user’s e-mail 
in-box even though they may 


| also be left on a PBX-based 
| voice mail system. 


How vendors approach 


| building this bridge depends 


on what side of the river they 


| started from. For example, the 


big North American PBX man- 
ufacturers, Avaya and Nortel, 
have worked to connect their 
PBX-based voice messaging 
systems to data networks. Cis- 
co, which came from the data 
networking side with its IP- 
based switching and routing 
equipment, has reached out to 
interface its voice-over-IP uni- 
fied messaging system with 
existing PBX systems. 

Despite their different start- 
ing points, these and other 
vendors and are now building 


Beyond the 
Single In-box 


A single PC-based in-box for 
voice, fax and e-mail messages 
may be convenient enough for 
employees who work from a 
single office or who travel occa- 
sionally. But it just doesn’t do 
the job for workers who alter- 
nate between different sites or 
are on the road three or four 
days a week. 

As a result, there’s been a 
growing interest in ways to ac- 
cess and control the flow of in- 
formation through conventional 
and mobile telephones. So a 
mobile worker may, instead of 
accessing voice mail and e-mail 
over a dial-up connection, call 
his message box from a cell 
phone to retrieve both voice 
and text messages. A text-to- 
speech engine would read 
e-mail messages to the user. 

The latest unified messaging 
systems enable end users to 
set rules for how an automated 
call agent handles incoming 
Calls to a single phone number. 
The user can specify who gets 
through live and who goes to 
voice mail, based on their 
recorded name or caller ID. 

Moreover, the user can in- 
struct the agent to route cails to 
different phones during certain 
time periods — for example, all 
calls can be sent to the office 
phone on Mondays and Tues- 
days, to a mobile phone on 
Wednesdays and Thursdays, 
and to a home phone on Fridays. 

- James Cope 


unified messaging systems 
that treat e-mail, voice, fax and 
even video as simply different 
forms of data. When it comes 
time to replace the old PBX- 
based voice mail system, it 
will just be put aside and the 
data network will take over 
the job. dD 

Cope is a Computerworld con 
tributing writer. You can reach 
him at jc@jamescope.com 
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Recruiting Effort Draws 
‘Articulate Incompetents’ 


As the search for security talent 
comes up short, Mathias tunes 
the IDS to reduce the monitoring 
workload. By Mathias Thurman 


T’S BEEN ALMOST A 

month since I lost two 

security staffers, and I 

still haven’t found re- 

placements. Although 
we've found plenty of candi- 
dates, few have been truly 
qualified. 

What’s worse, the 
unqualified candi- 
dates have been get- 
ting through our 
screening process. I 


cruiters we hire 
were filtering out 
candidates so that those who 
came in for an interview 
would at least be somewhat 
qualified for the job. They’re 
not. I’ve interviewed about a 
dozen people, and only one 
was even remotely qualified. 

The other candidates were 
either fresh out of school and 
had no experience or were 
what I call articulate incom- 
petents. These “security pro- 
fessionals” could talk the talk 
but couldn’t add a user toa 
Unix system if their lives de- 
pended on it. 

If you’re going to use re- 
cruiters to screen candidates, 


| the time wasted interviewing 


| 
| center (NOC) staff to pick 


id 
SECURITY 

MANAGER'S 
assumed that ~ re- JOURNAL a 


— 


| 
| 
| 


bad candidates. But it won’t 
solve the basic problem: Good 


candidates are difficult to find. | 


Meanwhile, my arrangement 
with the network operations 


up some of the day-to-day ad- 
ministration tasks 
is going smoothly. 
They’re handling our 
Tripwire and Se- 
curID infrastructure, 
and so far, only a 
couple of Tripwire 
incidents needed my 
attention. Fortunately, those 
alerts were false positives. 


I've been spending a consid- 


| erable amount of time during 


the past few days tuning the 


| three Snort intrusion-detection 
| system (IDS) sensors. We de- 


ployed these sensors in north- 


| ern California, the Southeast 
| and the Midwest, and all are 
configured to watch our inter- 


you need to provide them with | 


a list of technical questions 
that anyone applying for the 
position should be able to an- 
swer. For example, a security 
engineer with Solaris experi- 
ence should be able to describe 
the proper command to con- 
figure a network interface. 

I’m now giving my recruiters 


a set of such questions with the | 


correct answers. Armed with 
this resource, the recruiters 
should be able to filter out 
those who have good-looking 
résumés but lack practical ex- 
perience. This should reduce 


| 
| 


nal corporate LAN traffic. 
We've placed them on the net- 
work so they watch only the 
traffic in and out of the internal 
corporate firewalls. We also 
have Cisco IDS sensors that 
watch the external firewalls, 


Tuning an 
IDS is a very 
time-consuming 
and draining 
process. 





but those have been tuned and 


| are working properly. I manage 


them separately, but they all re- 
port to a central console. 
Tuning an IDS is a very 


| time-consuming and draining 


process. But it’s also educa- 
tional, because you become 


| intimately familiar with how 


the network is configured and 
managed. By tuning the IDS 
engines, I’ve also gotten to 
know other individuals within 
the IT organization better. 
The problem with tuning 
an IDS is that you don’t want 


| to filter out something that 
| could be indicative of hacker 


activity. For example, because 
of the way our company moni- 


| tors the network, we have an 


excessive amount of Simple 
Network Management Proto- 
col (SNMP) traffic. But we 


| also need to watch for several 
| known SNMP exploits, so I 


The Art of IDS Maintenance | 


don’t want to configure my 
IDS engines to ignore SNMP 


| traffic completely. The trick is 
| to determine which traffic is 
| legitimate and then place fil- 


ters within the IDS software 
so that legitimate SNMP traf- 


| fic won't trigger an alert but 
| other SNMP traffic will. 


In tuning our IDS, I’ve had 
to address dozens of these 


| types of scenarios. Instant 


messaging traffic is another 


| example. Normally, it’s against 
| most companies’ policies to al- 
| low this type of activity. How- 


ever, while investigating this 
traffic, I found that the techni- 
cal support centers use it to 


| communicate with customers. 
| I can’t just block this traffic 

| completely, so I set up filters 

| that disregard traffic from the 
| tech-support network IP ad- 


dress range but pay attention 


| to the rest of the network. 


Granted, instant messaging 


| isn’t a large security risk, but 


it is a violation of our policy. 
Music-sharing programs are 

another big problem. Several 

programs allow users to find, 


| share and download music 





and full-length movies off the 
Internet. Using them is against 


| our policy. So it came as a sur- 
prise when I discovered that 


over 60% of the total traffic at 


| one of our remote locations 


was from music-sharing. To 
address this problem, I put in 


| a change control that blocks 
| this traffic at the firewall. 


Things to Know 
To tune an IDS engine, you 


| have to understand your net- 


work and the way it’s man- 

aged, monitored and adminis 
tered. And you have to know 
what applications employees 


| are using, since the use of 


those applications might cre- 


| ate false positives. 


Some traffic can be dealt 
with technologically (block- 
ing its access at the firewall), 
while other traffic can be dealt 
with administratively (con- 
tacting individuals or man- 


| agers). Other traffic has to be 
| tweaked and filtered so the 


IDS infrastructure is effective 


| enough to issue alerts about 


real suspicious traffic while 
letting legitimate traffic pass. 
Is this a completely reliable 
way to deal with these prob- 
lems? Probably not. But be- 
cause we’re short-staffed, I 
have to adjust my environ- 
ment so my entire day isn’t 


| consumed with responding to 


IDS alerts. Eventually, I'll train 
the NOC analysts to monitor 


the IDS engines. But for now, 


I need to give myself some 


| breathing room and time to 


attend to other matters. D 


WHAT DO YOU THINK? 


This week's journal is written by a real 


| security manager, “Mathias Thurman,” 


whose name and employer have been 


| disguised for obvious reasons. Contact him 


at mathias_thurman@yahoo.com, or join the 
discussion in our forum. 


] QuickLink: 1500 


To find a complete archive of our 
Security Manager's Journals, go online to 
@ computerworld.com/secjournal 
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USER REVIEW 

Tripwire 

Manager 3.0 

Version 3 of Tripwire Manager, 
the central console for manag- 
ing servers running IDS soft- 
ware from Tripwire Inc. in Port- 
features. My favorite is the 
ability to run a script when 
Tripwire detects a file change. 

You can also group ma- 
chines according to cate- 
gories such as function or 
location, require administra- 
tors to enter their names and 
reasons for changes, and have 
multiple instances of Tripwire 
running on a single system to 
allow concurrent use. 

Those features were 
enough to earn Tripwire Man- 
ager 3 a piace in my security 
infrastructure. 

~- Mathias Thurman 


31.3% 
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SOURCE: IDC TELEPHONE SURVEY OF 
80 IT PROFESSIONALS IN VERTICAL IN 
DUSTRIES, 2001 


Security Q&A Line 
Got a security question? 
ITsecurity.com offers a free 
resource (www.itsecurity. 
com/asktecs/asktecs.htm) 
that might provide the an- 
swer. The Security Clinic 
offers the expertise of more 
than 120 professionals who 
provide answers to questions 
posted at its Web site. 

But don’t expect them to 
help you configure that fire- 
wall: A spokesman says the 
experts won't answer ques- 
tions that should be directed 
to a product support line. 
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PROJECT MANAGEMENT 
TO THE EXTREME 


Some companies are turning to an 
emerging methodology called ex- 
treme project management, a radi- 
cal approach whereby IT managers 
focus almost exclusively on the 
needs of end users. PAGE 38 


MAKING REALISTIC 
RO! CALCULATIONS 


Even in today’s cost-conscious cli- 
mate, IT leaders rarely know what 
‘ questions to ask 
when trying to 
determine re- 
turns on tech- 
nology invest- 
ments. That’s 
why leaders 
such as Merrill 
Lynch’s Marvin 
Balliet (left) use 
a template of questions they can 
continuously ask to keep projects 
on track. PAGE 44 


JOIN THE CTOCLUB 


Outside of a few MBA programs, 
schools don’t offer curricula that 
teach IT professionals how to 
become chief technology officers. 
Regional CTO clubs can help fill 
that void for aspiring technology 
managers and CTOs who want to 


CAREER ADVISER 


Fran Quittel offers advice to a busi- 
ness analyst who wants to work on 
an e-commerce initiative, an IT/ 
finance professional who wants to 
know whether she should expect 
any improvements in the New York 
job market and an application de- 
veloper who’s considering a switch 
to systems integration and middle- 
tier development. PAGE 47 
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JOHN BERRY 


Strategic Measurement 


HEN ARE YOU supposed to build an economic value 
model to justify a proposed information technology 
investment? Whenever the CFO or CIO asks you to. 
But a more subtle answer rests in a decision frame- 
work that can enlighten measurement practices by the 
nature of the IT investment a company wants to make. This framework 
suggests that rigorous measurement isn’t so important when investing in 


certain kinds of technology, which may be seen as 
heresy given today’s urge to measure. 

When seeking approval for an IT investment, tech- 
nology professionals should be as interested in know- 
ing when to measure as in how to measure. We know 
that the company’s culture and financial condition, 
plus the CFO’s predisposition, can determine mea- 
surement practices. So, too, should the nature and 
class of the technology. 

Here’s the simple argument: Some IT is needed to 
run the company, and it enables the deployment of 
more strategic kinds of technology. Is it really neces- 
sary to even attempt to model the internal rate of 
return, discounted cash flow or even the payback of, 
say, a WAN or storage investment? A rigorous finan- 
cial model might determine when in a company’s in- 
vestment cycle such an investment can be made, but 
the model should have little bearing on if it’s to be 
made. Clearly, the investment should be made since 
this kind of IT supports more strategic technologies. 

Consider what I call the economic value depiction 
pyramid. It helps answer this: When is it OK to con- 
fine a business case to a one-page summary or de- 
fense of the investment, rather than a detailed mea- 
surement exercise in which each cost and benefit 
metric — however arrived at — decorates 
an ROI calculation? Consider network- 
attached storage. Let’s say your company 
is adding three applications and a couple 
of new data stores, and e-commerce traffic 
is picking up. The sheer volume of infor- 
mation seems unrelenting. As costly as 
new storage technologies are, would a 
payback period calculation do any more 
to secure the investment than if you pre- 
sented that list of company realities? 


ing, inventory — and desktop and collaboration soft- 
ware. From this level, we move into the “magic king- 
dom” of strategic IT: customer relationship manage- 
ment, supply chain, field-force automation — anything 
that can give a company a competitive advantage. 

As we move further up the pyramid, two things 
happen: The kinds of metrics used to model the ben- 
efits change, and the pyramid narrows. The higher up 
the pyramid, the more the metrics focus on strategic 
issues, such as increased market share, reduced cycle 
times and increased revenue. 

The narrowing of the pyramid symbolizes confine- 
ment; the more strategic the IT, the less room for 
measurement error. The higher you climb, the more 
rigor and accuracy are required. This doesn’t mean 
that measurement of the support kinds of IT can be 
cursory or slipshod. Nor should we confuse strategic 
for complex. A storage-area network is as complex a 
proposition as an integrated marketing automation 
application. However, strategic IT introduces novelty 
— new ways of organizing business processes and 
defining job roles. 

Many will object to this framework of aligning 
measurement rigor against class of technology. Enter- 
prise resource planning (ERP), for instance, can be 

viewed as an infrastructure or support 
type of software because the entire com- 
pany depends on it, so ERP is both strate- 
gic and essential. And a company might 
invest in point-to-point Tl connectivity 
between dispersed facilities as a strategic 
weapon, since it might allow the company 
to more effectively collaborate in deliver- 
ing a product or service, enhancing its 
competitive position. 


At the bottom of the pyramid are the 
infrastructure-support kinds of IT: net- 
works, storage, operating systems, servers 
and databases. Moving up the pyramid, we 
find more support types of IT: systems-of- 
record applications — accounting, budget- 


JOHN BERRY is an IT 
management consultant 
and analyst in Bend, Ore. 

He's currently writing 
a book about the mea- 
surement of intangible 
assets. Contact him at 


These exceptions reinforce this general 
rule: Some iT is essential but not strategic, 
and never will be. Companies that accept 
the contours of this proposition will spend 
less time measuring what’s immeasurable 
and more time measuring what’s novel 
and, perhaps, able to generate revenue. D 








Takin 
Pro} 


Wantto really 

get your business 
clients engaged 
intheir projects? 
Trythis. 

By Kathleen 
Melymuka 
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HEN IT PROJECT manager 
Steve Hawrysh was 
brought in to a Midwest- 
ern fulfillment services 
company to fix a half- 
million-dollar project that was going 
nowhere, the first thing he noticed was 
that there was no real agreement on 
what the project was about. The goal 
seemed to be to port existing main- 
frame capabilities to a client/server en- 
vironment, but no one seemed to know 
why. “Nobody had really challenged 
the business to say, ‘Why are you doing 
this?’” recalls Hawrysh, an indepen- 
dent consultant in Plymouth, Minn. 
Using extreme project management 
tools, he forced the business unit peo- 
ple to figure out what they really want- 
ed and to realize that they didn’t have 





the time or resources to do it. The 
project was canceled. 

“That was a success,” he says, “be- 
cause I saved them $450,000.” 

“Most projects that fail, fail before 
they start,” says Rob Thomsett, a se- 
nior consultant at Cutter Consortium 
in Arlington, Mass. Thomsett is a lead- 
ing proponent of extreme project man- 
agement and author of Radical Project 
Management (Prentice Hall PTR, 
2002). Studies such as “The Chaos 
Chronicles” by The Standish Group In- 
ternational Inc. in West Yarmouth, 
Mass., show that IT projects fail be- 


| cause of lack of stakeholder involve- 
ment, incomplete requirements, lack of | 


sponsor support or unrealistic expec- 
tations — in a phrase: lack of commit- 
ment from your business customers. 

Extreme project management is a 
new approach that’s relatively un- 
known in the U.S. It requires the proj- 
ect manager to leave the technology to 
the tech team and concentrate his en- 
ergies on managing critical stakehold- 
ers. It grew out of the extreme pro- 
gramming movement of the mid-’90s, a 
radical version of rapid application de- 
velopment that emphasizes IT/busi- 
ness teamwork to provide enhanced 
customer satisfaction. (For more on 
extreme programming, go to www. 
extremeprogramming.org.) 

“It’s called ‘extreme’ because it goes 
against common practice and is suited 
to projects being done in chaotic envi- 
ronments under severe constraints,” 
says Thomsett, who does most of his 
work in Australia for companies such 
as A.M.P. Ltd. and Westpac Banking 
Corp., both in Sydney. “It’s like ex- 
treme sports in that you have to be 
really proficient to do it.” 

Thomsett has developed a set of 
tools that are paper-based exercises 


| designed to get stakeholders engaged. 


Project managers who have used the 
tools swear by them. “’ 
makes sure you're adding value to the 
company,” It makes 
you think about why we're doing it.” 
“In a traditional project, if it’s not 


This process 


Hawrysh says. “ 


| going to be done on time, someone has 


to break the news to executives,” says 


| Christine Moore, vice president of de- 


livery services at Caribou Lake Soft- 
ware LLC, a Minneapolis firm that 
does custom software development. 
“Here, there’s no news to break. If 
you're extreme, everyone is in it daily.” 
The following are four extreme tools 
that you can try. Project managers say 
that these tools, if used diligently and 
within the context of a so-called Rapid 
Project Planning session [QuickLink: 


| 31177], virtually guarantee that your 





| and a tight deadline. 


| prises. 
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business clients will take charge of the 


project. 

TTY Sliders: What 
Success Looks Like 

Traditionally, projects are deemed suc- 

cessful if they’re on time and on bud- 


get, but any business person stuck with 


a new system that doesn’t add value 


| can tell you there’s more to success 


than that. “The Holy Grail is not mod- 
eling requirements, it’s modeling ex- 
pectations,” says Thomsett. 

This exercise requires critical stake- 
holders to draw a detailed picture of 


| what project success will look like, us- 


ing “sliders” that can be turned all the 
way on (Level 5) all the way off (Level 
1) or anywhere in between, depending 
on how important each of seven crite- 
ria is to the project’s success (see illus- 
tration, next page) “This determines 
everything,” says Thomsett. 

Project managers say sliders help 
them understand whom they’re deal- 
ing with. Stakeholders in a financial 
system, for example, may turn up the 
budget slider but not care as much 


| about deadlines. Stakeholders in a 


Web-based customer-facing project 
may place more emphasis on quality. 

Sliders graphically demonstrate that 
when resources are limited, something 
has to give. “The tool forces [stake- 
holders] to face their own expecta- 
tions,” says Brian Walden, a program 
manager at AMP (U.K.) Financial Ser- 
vices Ltd. in Peterborough, Australia, 
who has used extreme project manage- 
ment extensively. 

James Peterson (not his real name), 
is an IT project manager at a large U.K. 
bank who asked to remain anonymous 
because his company is publicity-shy. 
The first time he used sliders, nearly 


| everybody turned all of them all the 


way on for a project with limited funds 
Then one busi- 
ness analyst got it: “Look,” he said. 
“You can’t buy a Rolls Royce for 


| $10,000; you buy a really good used 


Toyota that will get you from A to B.” 
Suddenly, everybody understood the 


tool, Peterson says. “Budget and time 


| became fully switched on, value to the 


organization received a 4, quality re- 
ceived a 2, satisfied customers 3, and 
the group accepted that they won't get 
too much personal satisfaction out of 


| the project because most of them 
| wanted the Rolls Royce,” he says. 


Sliders also do away with many sur- 
“There will be no death march 
without knowing in advance because 
they say upfront how important team 
satisfaction is,” Thomsett explains. 
Most important, sliders facilitate 
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MANAGEMENT 
ASampling of the Tools 


THE QUALITY AGREEMENT: Each critical stakeholder votes on which 
of 10 attributes are essential to the project. The sponsor uses their 
input to make the final decisions. 


CE 
Conformity Yes Yes No 


SLIDERS: In this project, budget and satisfaction are 
expendable. Meeting the deadline is a must. Meeting 
objectives with quality work is extremely important. 


E: g 3 ed 


Have satisfied client groups 


1S/IS NOT SCOPE PLANNING: The critical stakeholders of a proj- 
ect to add pages to a Web site might make the following deci- 
sions about what is and is not within the scope of the project: 


Working with marketing on Yes 


Creating new pages using the Yes 


1 2 3 4 5, 
LE TT 
Meet objectives/requirements 
1 2 3 a 5 


5 —S 
Meet an agreed budget 


1 2 3 3 
AT 
z A A 


Deliver the product on time 


t —--==-@-—-" =" 


Add value for the organization 


[=== =f 


Meet quality requirements 


1 3 ot 5; 
z Oe A OTS 
A 


Professional satisfaction for project team 


communication and expose hidden 
agendas because stakeholders have to 
agree on slider placement. “If you can’t 
get an agreement from critical stake- 
holders, walk away,” Thomsett says. 


TOOL? Is/Is Not: 


Scope Planning 

“A circle is defined by what is outside 
as well as what is inside,” Thomsett 
says. The same goes for your project. 


The key to scoping is to get your stake- | 


holders to define not only what is 
within the scope of the project, but 
also what isn’t (see illustration). 

Stakeholders are asked to name 
things that are inside and outside the 
project scope. For example, if your 
team will be creating new pages for a 
Web site, then “creating new pages” 
would go under “is.” But if the team 
won't be enhancing current pages, that 
goes under “is not.” 

Continue this as long as you can, 
Thomsett advises. “The further down 
you go, the clearer it becomes,” he says. 

“It gets people thinking,” says 
Hawrysh. “It really helps identify what 
this thing is you’re working on.” 

“People think they know what the 
project is, but you find that no one is 
really on the same page,” says Moore. 

As project manager, whether an ob- 
jective is inside or outside the scope is 
not your concern. The executive spon- 
sor “owns” the project; you merely fa- 
cilitate. “Let them fight over it,” Thom- 
sett says. If there’s anything that stake- 
holders can’t agree on, it goes to the 


design and implementation 
standards of the current 


redesign of current user 
interface 


Usabilit 


pages on the site 


Ensuring that pages will equal 
or exceed functionality of 
existing pages 


Making new pages available 
to all who access current site 


Soliciting feedback from 
e-commerce, call center, 
marketing and product devel- 
opment 


| executive sponsor for resolution. 


In the end, everything outside the 
scope either is assigned to a stakehold 


| er, becomes a different project or sim- 
| ply won't be done. 


“Projects are defined more clearly. It 


| brings out the queries much earlier,” 
| Walden says. In fact, he says, projects 
| are often canceled when the “is/is not” 
| session makes stakeholders realize that 
they’re not prepared to pay for the full 


scope. 
Stakeholder 


uy f Agreement 


Everything that is not within the proj 
ect scope, but is essential for the proj- 


ect (such as outsourced program- 


Doing Lattes 


“PROJECTS FAIL IN THE CONTEXT, not 
the content,” says Rob Thomsett, a senior 
consultant at Cutter Consortium and a lead 
ing proponent of extreme project manage- 
ment 

Thomsett likens a project to two concen- 
tric circles. The inner circle represents the 
project content - the technical deliverables 
The outer circle represents context - the 
managerial and sociopolitical environment 
Traditional project management is focused 
inward, he says, but extreme project man- 
agement focuses outward 

The bigger the project, the more time the 
project manager needs to spend on context 
In big projects, project managers should be 


Solving performance 
issues in current pages 


Facilitating additional access 
to the site 


Soliciting feedback from 
other departments 


Efficiency 
Maintainability 
Reusability 
Flexibility 
Reliability 
Portability 


Auditability/Security 


Job impact 


ming), is assigned to a stakeholder, 
who completes and signs a stakeholder 
agreement. 

In traditional project management, 
stakeholders are expected to take on 
responsibilities, but there’s no ac- 
countability, Thomsett says. For exam- 
ple, if a subtask is to be outsourced and 
the stakeholder doesn’t get around to 
it, the project team may end up doing 
the task by default, expanding scope 
and increasing risk without any recog- 
nition that it’s doing so. To avoid this, 
it’s essential to formally analyze, nego- 
tiate and agree in writing with each 
critical stakeholder on the services 
that are expected, the dates or timing 
of services, cost to the stakeholder of 


spending 70% to 80% of their time “doing 
lattes” with stakeholders, he says. That 
means schmoozing, politicking, keeping 
ihem in the loop, keeping up their interest 
and commitment, getting their input. Re- 
member, says Thomsett, it's their project. As 
project manager, you are merely the “pas- 
sive conduit of their hopes and dreams.” 
“These things are easy to say, but in prac- 


> tice very hard to do,” says Christine Moore, 


vice president of delivery services at Caribou 
Lake Software. “Project managers used to 


* assign tasks; now you have to work on rela- 


tionships with people and keep them in 
volved and committed. The customer may 
say, ‘I can't be there that day.’ People may 


> lose commitment. Your role really is running 


around ‘doing lattes.’ ” 
- Kathleen Melymuka 


No No No Yes Yes 


Ne No Yes No Yes 


No No No Yes Yes 


Yes Yes No Yes No 


Yes Yes No Yes Yes 


Yes No Yes Yes 


Yes Yes Yes Yes 


Yes Yes Yes No 


Yes Yes Yes 


providing the service, and an alternate 
source for obtaining the service. 


CNN The Quality 


Agreement 
What level of quality is required? The 
quality agreement lists 10 attributes for 
the project. The stakeholders must 
agree on which are essential. The proj- 
ect manager doesn’t care which attrib- 
utes the stakeholders choose. He mere- 
ly informs them that for every attribute 
required, both the risk and cost go up. 
The quality agreement sets the base- 
line for all project quality assurance 
going forward. 


Not for Wimps 

Extreme project management isn’t for 
everyone. It takes project managers 
with the courage and executive back- 
ing to make the stakeholders toe the 
line, and it takes business people will- 
ing — or compelled by senior execu- 
tives — to commit real elbow grease to 
a project. But the payback is worth it, 
say project managers. 

“The tools help the customer feel in- 
volved and part of the team,” says 
Moore. “The project is not something 
that happened to them; it’s something 
they’re a part of, and when that hap- 
pens, everything is easier.” D 


THE RAPP SESSION 


The Rapid Project Planning (RAPP) session 
project's tone and gets decisions made 


QuickLink: 31177 
www.computerworld.com 








NTIL 1997, Puget Sound Energy 


eee ; | 
Inc.’s definition of good customer 


service was mailing accurate 

monthly bills to its 2.1 million gas 

and electric customers. But with 

the possibility of deregulation or 

reregulation on the horizon, it 
knew it had to do better. 

So the Bellevue, Wash.-based utility company de- 
cided to deploy a new automated meter-reading 
(AMR) system from New York-based Schlumberger- 
Sema — at a cost of $45 million — and connect it to 
its customer information system, Customer Linx 
from Dallas-based Alliance Data Systems Corp. 

Puget Sound Energy’s (PSE) goal was to 
capture and share more real-time data 
with customers in Washington, where its 
coverage area spans nine counties. 

By spring 2000, PSE’s customer service needs shift- 
ed significantly. As wholesale gas and electric energy 
prices spiked, the company took the customer infor- 
mation from its AMR and billing systems and made 
it available to customers through an Internet portal. 

The 450,000 residential gas and electric customers 
who signed up for the company’s portal-based Per- 
sonal Energy Management (PEM) program in No- 
vember 2000 were able to see their energy usage for 
any given day, month or year, and compare the rates 
for peak and off-peak hours. They could also use a 
PEM calculator to see how they could reduce their 
bills if they were to switch from a flat rate to a time- 
of-day rate. (The program was only informational 
since time-of-day wasn’t available then.) It also 
hoped to realize a return on its investment in 10 
years — half the time it usually takes a utility to see 
ROI on an IT investment. 

But the utility got more than it had hoped for. Reg- 
ulators gave PSE permission to launch a pilot time- 
of-day billing program for 300,000 residential cus- 
tomers, who would be billed rates based on the 
times they consume energy rather than the tradi- 
tional flat rates. Customer response to the program 
was overwhelmingly positive. Of those customers 
who signed up, 89%, or 267,000, had shifted some of 
their energy usage from peak to off-peak hours, re- 
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PERSONAL ENERGY MANAGEMENT CALCULATOR 


FIXED RATE 


FIRED RATE 
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PUGET SOUND ENERGY’S Personal Energy Manage- 
ment calculator allows customers to see the time-of- 
day rates for their energy usage. 


sulting in an overall 5% to 6% switch to the more 
economical off-peak rates for PSE as a whole. 

But the big surprise was that 49% of those 267,000 
customers consumed less energy, resulting in a 1% 
reduction in overall usage, according to surveys by 
the utility company last fall. “The conservation was 
a surprise for us,” says Todd Starnes, PSE’s manager 
of business development. 

Different billing rates based on times of consump- 
tion have been available to large industrial customers 
for years. But what’s new is using the Web to offer 


Utility's Web portal lets customers switch to off- 


peak usage and cut costs. By \ 


Melissa Solomon 
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that information to residential customers as well, 
says Dan Miklavic, a Seattle-based energy analyst at 
Gartner Inc. “It’s fairly innovative in the sense that 
they [PSE] are changing people’s consumption 
habits. From a utility perspective, that’s not com- 
mon,” he says. 

In October, PSE extended its pilot to 20,000 com- 
mercial customers. In June, it got permission to ex- 
pand the residential pilot to 800,000 customers. 
Eventually, the utility wants to offer consumers a va- 
riety of rate packages similar to those offered by ca- 
ble companies, says Brian Pollom, director of meter- 
ing network services at PSE. 

The program was innovative enough to earn PSE 
the 2001 Edison Award from the Washington-based 
Edison Electric Institute, which recognizes energy 
companies for outstanding contributions to the ener- 
gy industry. 


Hefty Price Tag 

Although time-of-day billing is common in several 
European nations and throughout Australia, it’s still a 
rarity in the U.S. 

One reason is that it’s quite expensive. PSE spent 
$45 million on the AMR system alone, which was ful- 
ly deployed last month, according to Pollom. 

Regardless of the costs, Miklavic says utilities will 
likely follow PSE’s lead, because the not-in-my-back- 
yard attitude will always limit the number of power 
plants that energy companies can build. “It’s envi- 
ronmentally friendly, it encourages overall conser- 
vation, and it allows for the utility to meet demand 
in a more efficient fashion,” he says. “So it’s good 
business in the intangible sense. Financially, I’m not 
so sure.” 

But PSE has also seen financial and other benefits, 
says Pollom. The Internet self-service features and 
the AMR system have both helped the company re- 
duce its workforce, he says. 

The new system has shortened the billing and cus- 
tomer response cycles by days, adds Penny Gullek- 
son, vice president of customer service at PSE. It has 
also given customer service representatives more an- 
alytical data, so they can provide more helpful infor- 
mation to customers, says Starnes. If a family’s ener- 
gy bill spikes, PSE can pinpoint when usage went up 
— and perhaps determine, for instance, that it hap- 
pened when the kids were home from college. 

The standard return on IT investments for many 
utilities is 20 years, says Pollom. PSE’s goal was less 
than 10 years, and it’s now estimating a nine-year tar- 
get for direct returns that can be clearly measured in 
lowered costs or increased revenue. Factoring in the 
indirect returns, such as improved customer service 
and the time-of-day program that the new systems 
led to, PSE projects an ROI in less than five years. 

“It’s a large investment, and because of its size, you 
have to have a strong vision of the customer service 
and data you want,” says Pollom. “It scares away 
most, and that’s why you don’t see a lot of this tech- 
nology deployed at this level.” Yet. D 


PROGRAMMED SAVINGS 


Read how PSE is trying to develop thermostats that would allow 
consumers to reduce energy consumption 


QuickLink: 31302 
www.computerworld.com 
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Imation SLR storage technology scales with rt data 


A little or a lot, all of your data is important. And Imation, along with Tandberg. Data, developed SLR technology to help you manage it. The best 
replacement for DDS technology,.SLR data cartridges and dfives make ‘easy work of backing up and storing data. Anywhere between 525MB and 
100GB*. And you can do it confidently with the industry's lowest field failure rate of just 1.5%. These are just a few reasons SLR technology is the 
best way to stay ahead of growing data. Something Imation has been helping companies do for more than 50 years. Learn all about NE technology 
and Imation SLR data cartridges at www.imation.com/sIr. 





eo 





SLR Technology Development Partner 





[a 


WINNEBAGO 


See TEE 





(server 


Linux® ready with self-managing features for every e-business. 


| intel-based / xSeries 


it’s an dable and powerful 
combination of mainframe 
inspired reliability and smart 


systems management tools 


UNIX® / pSeries 

Highly available, highly affordable 
and highly coveted. The pSeries is 
the platform of choice for powerful 
UNIX and Linux solutions 
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Midrange / iSeries 
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Winning through server consolidation. Winnebago Industries lives by its e-mail system. By consolidating its 
functions onto one IBM @server zSeries running Linux, the company created an industrial-strength e-mail 
system, and saved on software licensing fees in the process. For a complimentary guide on server consolidation, 


visit ibm.com/eserver/winnebago @b nen i dle , Flag toni: 
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VEN BESIDE THE picture win- 
dow with a spectacular view 
of New York Harbor, it’s hard 
not to notice the red-letter 
mantra hanging in Marvin Bal- 
liet’s office: “Expense Reduction + Cost 
Avoidance 

Simple. But when asked how to mea- 
sure the return on IT investments, Bal- 
liet, chief financial officer at Merrill 
Lynch & Co.’s global technology and 
services division, can go on for hours 
and still leave questions unanswered. 
“Everyone talks about ROI,” he says. 
“But there is no simple answer to an 
ROI question.” 

The reason, Balliet explains, is that 
a return on investment formula is sim- 
ply a tool to help companies make wise 
business decisions. Effectively measur- 
ing ROI is a matter of devising the 
proper governance system and pro- 
cedures so business leaders ask 
the right questions and continu- 
ally revisit them to keep their 
projects on target. 

But even in the current cost- 
conscious business climate, many IT 
leaders have at best only a vague idea 
of what questions to ask. More than 
80% of Global 2,000 companies don’t 
have the right measurement systems to 
make sure that their IT initiatives are 
effective, according to Karen Ruben- 
strunk, an analyst at Meta Group Inc. 
in Stamford, Conn. For those compa- 
nies that do, coming up with the right 


Cost Savings.” 


questions is a constant work in progress. | 
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Everyone 
talks about 
ROI. But there 


is no simple answer 
to an ROI question. 


MARVIN BALLIET, CHIEF FINANCIAL 
OFFICER, GLOBAL TECHNOLOGY AND 
SERVICES DIVISION, MERRILL LYNCH 


For instance, when Balliet joined 
Merrill Lynch’s global technology and 
services division in 1999, he shifted 
responsibility for technology spending 
from the IT department to the business- 
unit leaders. He then had those leaders 
answer five broad questions aimed at 
capturing the scope and intent of their 


| technology projects. 


But Balliet soon learned that 
a question such as, What are the 
project’s anticipated mainte- 
nance costs? can leave a great 
deal of wiggle room. For exam- 
ple, maintenance costs might be inter- 
preted by different people as both soft- 


| ware and hardware maintenance, or 


just one of the two. So he eventually 
learned to break that question into 


| two: hardware maintenance costs and 


software maintenance costs. Balliet 


| has also added such nuances to his 


“finance toolbox” and expanded the 
questionnaire to better capture such 
details. Now managers must complete 


| asix-section business case with about 
80 questions (for more on this process, 
| use QuickLink 27942). 
| Leaving the answers to those ques- 
tions up to business users as opposed 
to IT leaders is the right approach, says 
H. Jameson Holcombe, CIO at Cambri- 
an Communications LLC, a telecommu- 
nications and network services compa- 
ny in Fairfax, Va. That might even re- 
| sult in business users choosing an ex- 
ternal vendor for a project instead of 
using in-house IT staff, he says. It’s 
often more cost-effective to stay in- 
house, but for a sales force automation 
project, for instance, the finance leader 
needs to make that call, says Holcombe. 
The problem is that many IT leaders 
insist on taking the lead on projects, 
| even though they’re not the ones who 
will be using the system and helping it 
realize its full potential, says Ruben- 
| strunk. “So IT gets a black eye because 
| there’s little accountability driving val- 
| ue realization within the business,” she 





Realistic ROI calculations require asking the right 


questions again and again. By Melissa Solomon 
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says. IT can guide users through the 
process and help them devise ROI fig- 
ures. But, Rubenstrunk says, “when it 
gets right down to it, a technology per- 
son has no right to be held accountable 
for the value of business projects.” 


Creative Calculations 

Once process and governance sys- 
tems are in place, it’s time to start nail- 
ing down actual numbers. But those 
numbers are often moving targets. 

For example, how do you determine 
funding costs when you don’t know 
what interest rates will be in 18 months? 
asks Balliet. Or, if a system was intend- 
ed to be a market leader but has since 
been adopted by competitors, will your 
company’s returns be diminished? If 
a project’s ROI was $50 million in in- 
creased income, and income rises $70 
million after the first year, does that 
mean that the project was a success, 
or was there a shift from a bear to a 
bull market that drove up returns? How 
about if the goal of a project was to cut 
20 staffers, but only 15 were let go? Does 
that mean it was a failure, or did sales 
volumes rose higher than expected, in- 
creasing the need for more man-hours? 

Such questions illustrate why it’s 
critical to measure a company’s com- 
petitive position rather than simply 
looking at past performance, says Bal- 
liet. Companies also need to measure 
projects as a portfolio of investments 
that are regularly re-evaluated, he says 
(for more on project portfolio manage- 
ment, use QuickLink 27643). 

If they don’t measure up, pull the 
plug fast. Canceling a precarious proj- 
ect 60 days earlier, rather than waiting 
around hoping things will improve, can 
save a lot of money, Balliet says. There 
are always new questions to ask in de- 
termining ROI, he says. But it can be 
worth the effort. 

“I don’t want to tell you how far over 
budget we were in ’99,” Balliet says, 
adding that a quick glance over previ- 
ous years’ technology budgets revealed 
similar numbers. In 2000, by contrast, 
his division was $77 million under 
budget, thanks largely to the greater 
attention paid to metrics. 

Many executives are under so much 
pressure to keep costs down that they 
won't even ask for IT dollars these 
days, says Dick Hudson, a former CIO 
who’s now principal of Hudson & As- 
sociates, an executive IT consulting 
firm in Katy, Texas. But with the third 
anniversary of the completion of the 
Y2k effort approaching, CIOs will need 
to start asking for technology upgrades, 
so they’ll have to learn how to sell 
projects to company leaders, he says. 
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Behind the Numbers 


CAMBRIAN COMMUNICATIONS CIO H. JAME- 
SON HOLCOMBE starts his ROI calculations by 
reviewing the following basic capital costs 
® Software/licensing 
@ Yearly maintenance 
® Professional services 
® Hardware 
Extra infrastructure needed 

The challenge, though, is that some of those 
costs are subject to interpretation, Holcombe 
says. For instance, for an order-workflow sys- 
tem, one manager might measure order proc- 
essing time from the time the order is placed 
until it's delivered. But another manager might 
simply gauge the time it takes to act on an 
order. So it's important to be specific about 
where the numbers come from 

Once Holcombe determines the capital 


In addition to honing project-pro- 


| posal skills, Hudson suggests that lead- 


ers also learn to repitch projects if ini- 


| tially rejected. If a manager explains 


what he has tried to do and documents 


| the problems he has faced because a 


project wasn’t funded, senior leaders 
will often recognize that the manager 


| put in a good-faith effort and will re- 
| consider the proposal, says Hudson. 


“A lot of CIOs never follow up on the 
projects they proposed to show they 


| are valid,” he says. 


Street Smarts 


Unfortunately, says Holcombe, 
there’s no one-size-fits-all formula for 
using metrics to ensure ROI. The only 
way to come up with a good quantita- 
tive analysis is to learn through expe- 
rience, he says. That’s where a solid 
project-management library docu- 
menting costs, hours and other factors 


from past projects comes in handy. 


For instance, if a project requires 
an estimated 300 hours of work, com- 
paring 300 hours in consulting costs 


| with the cost of using in-house staffers 
| for the same amount of time might not 
| provide the best numbers. For exam 

| ple, in-house developers may be paid 


on a 40-hour workweek but actually 


| average 60 hours per week, so the cost 
per hour for those workers may be less 


than it seems, he says. 
It’s also wise to ask vendors about 
their lessons learned regarding costs. 


| When vendors offer ROI figures, ask 
| them for real-world examples, grill 


| 


them about problems faced in those 
projects and insist that they think 
about how they’ll avoid those prob- 


: costs, he compares them with what he current- 
> lyspends and the anticipated productivity 

- gains from the proposed capital investment 

: But how do you determine those gains? 

: Meta Group analyst Karen Rubenstrunk says 

: there are two types of metrics to measure 

: gains from IT. The first looks at how effectively 
: an IT department is run. The second gauges 

: how valuable IT investments are to your busi- 

> ness. To measure your IT organization's effec- 

: tiveness, she suggests the following 

: = Review customer surveys. Has customer 

: satisfaction increased? 

: Consider the time spent on IT projects. Is the 
: IT organization improving its delivery time? 

> @ Test employees. Are they absorbing training 
: and learning new technologies? 

> = Quiz employees on the big picture. For in- 


lems this time, suggests Holcombe. 

Soft costs and cost benefits are also 
critical. For instance, about a year ago, 
Pacific Gas & Electric Co. started 
using help desk technicians to create 
new Web-based IT support features, 
including online incident reports and 
a technology tips newsletter. Those 
technicians spent less time waiting for 
calls and more time building tools to 
boost department efficiency, says Ruby 
Gin, supervisor of the San Francisco- 
based utility company’s technology 
service center. So not only were the 
technicians helping to improve the 
department; they were also given the 
chance to develop their skills and di- 
versify their activities, which can boost 
retention, she adds. 

“It’s good to have measurement tools 
in place, but what’s most important is 
the people,” says Gin. “You want to be 
able to do that and keep morale up so 
people want to give it 100%.” 

And, of course, there are the com- 
mon-sense measurements. A project 
might look great on paper, but if it 
ignores a critical reality, such as a key 
technology failing to perform as prom- 
ised, it could be a disaster, cautions 
Holcombe. 

“ Dilbert’ is a great example of how 
people lose sight of common sense and 
what’s important,” he says. “Try not to 
provide anecdotal stories for ‘Dilbert.’ 
That’s our mantra.” D 


| MORE THAN 20 QUESTIONS — 


For a sampling of the 80 categories Merrill Lynch CFO 
Marvin Balliet uses to gauge ROI. visit our Web site: 


QuickLink: 31240 
www.computerworld.com 


: stance, do they know the top three gover- 
- nance principles that drive the company’s 
- architecture? 


Are projects on time and on budget? 
To measure how valuable your IT invest- 


* ments are to the business, help business-unit 

: leaders develop very clear, tightly defined deliv- 
: erables in no more than three-month chunks 

- advises Rubenstrunk. Some possible deliver- 

> ables include the following 

: ™ Process efficiencies: Can this help eliminate 
: positions? 

: w Process redesign: Will the project help auto- 
: mate processes so new projects don’t need to 
> be started from scratch? 


= Customer satisfaction: Will your customers 


= spend more? 


- Melissa Solomon 








OIn 
The 
Club 


And Get Ahead 


FRRegional groups 
offer CTOs and 
wannabes a place to 
network and learn. 
By Steve Alexander 











MANAGEMENT 


UTSIDE OF A FEW MBA PROGRAMS, 
there are no schools that formally 
», teach IT professionals how to be- 
» come chief technology officers. 
But aspiring technology managers 
and CTOs who want to learn from 
their peers can receive an informal 
education through a number of regional CTO clubs. 
While there are only a handful of these groups, they 
appear to be broad enough in scope to help both ju- 
nior IT managers and seasoned CTOs. More recently, 
members say, they’ve been especially helpful to man- 
agers by providing guidance on how to steer budgets, 
projects and staffs through tough economic times. 

“For the last year, CTOs have needed more men- 
toring, whether to help downsize their staffs, manage 
the same workload on a smaller budget or make use 
of legacy systems at a time when they can’t make ex- 
penditures for new ones,” says Curtis Brown, CTO at 
Oxygen Media Inc., a New York-based operator of a 
cable TV channel for women. 

Jon Williams, CTO at Grey Healthcare Group Inc., 
a New York-based advertising and communications 
firm for the health care industry, has pushed for the 
creation of professional CTO groups as a way to help 
mentor prospective technology leaders. He is also a 
co-founder of the New York CTO Club. 

The New York CTO Club is limited to about 30 
members, who meet for breakfast once a month. 
Membership and attendance at meetings are by invi- 
tation only, and the group doesn’t have a public Web 
page. Through the group, Williams tries to identify 
people who are potential CTOs and help them learn 
management techniques that will serve them well. 

“Almost everyone in the group is a good technolo- 
gist, so they usually don’t need help in that area. We 
try to help them with management and 
communications skills,” says Williams, 
who was previously an IT consultant. 


Path to CTO 


Good technologists often follow the same career 
path, says Williams. They graduate, become profi- 
cient in IT and then discover that they haven’t 
learned management basics such as how to run a 
company or manage people. Williams says that the 
people he aims to help are the ones who have come 
to the realization that being an expert technologist is 
not everything you need to be a CTO. 

In the Midwest, the Chicago CTO Roundtable 


meets monthly for what co-founder John Adams calls | 


an opportunity “to bounce ideas off each other, 
whether it’s about the prices of hardware and soft- 
ware or staffing issues.” Adams, vice president of 
technology at CoolSavings Inc., a Chicago-based 
company that handles corporate sales promotions, 
says the mission of the roundtable is to provide a fo- 
rum for discussing common CTO issues and to help 
some of its 15 members or their guests “who jumped 
or were pushed into being CTOs a little too early.” 
Members of the Chicago CTO Roundtable are the 
highest-ranking IT executives from their organiza- 
tions, regardless of their individual job titles. In addi- 
tion, people with lower-ranking IT titles are wel- 
come as guests of members. Having a mix of people 
helps promote informative and practical conversa- 
tions, Adams says. For example, at recent meetings, 
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Receive mentoring on key nontechnical 
= nmunicating with top 
management and calculating return on 
investment estimates for IT projects 


Participate in candid peer discussions on 
common CTO issues, such as hiring con- 
sultants, choosing software and running an 
IT group ona tight budget. 


Get firsthand career advice from 
experienced technology leaders. 


members and visitors have shared experiences about 
selecting consultants and choosing the right method- 
ology for implementing new technologies. 

Mike Toma, CTO at eLabor Inc., a workforce man- 
agement software company in Camarillo, Calif., says 
self-interest propelled him to start the Los Angeles 
CTO Forum with five other members. He needed a 
group to discuss managing larger groups of employ- 
ees. “I tried for years to find CTO groups, but there 
weren't any except for large annual events. I wanted 
a smaller peer group where CTOs could get togeth- 
er,” Toma says. The group is now known as the Tech- 
nology Leadership Council and has 54 members in 
chapters in Los Angeles, San Francisco and Boston. 

Toma sees a a big need for peer mentoring because 
most CTOs come from technical backgrounds and 
haven't had a chance to develop their people or man- 
agement skills. “We discuss things such as the vari- 

ous roles of CTOs, the metrics and ROI 
statistics that are used each day to make 
decisions and how to deal with the exec- 
utive management team,” he says. 

One of the best things CTO mentors can do is help 
others choose whether to focus on technology or on 
management, says consultant Andreas Turanski, a 
member of the New York CTO Club. “Most people 
can’t be equal in both technology and management. 
So the best answer is to decide what you should try 
to pursue,” Turanski says. 

Another big issue for many CTOs is the need to 
learn on the job. “The right people may be in the 
CTO jobs, but it happened to them too fast. Peer 
group mentoring can help that situation,” says Eric 
M. Mark, a New York CTO Club member and CIO at 
AEGIS Insurance Services Inc. in Jersey City, NJ. 

Mentoring is also good for the person doing the 
teaching, says Oxygen’s Brown, who is a member of 
the New York CTO Club. 

“Mentoring is as satisfying as anything else in my 
job,” he says. “If I can do something to make some- 
one else do their job better, I’m one satisfied CTO.” D 


Alexander is a freelance writer in Edina, Minn. 
Contact him at sorion99@yahoo.com. 


CTO CLUB CONTACTS 


w New York CTO Club: John Williams, jonwilliams@yahoo.com 
@ Technology Leadership Council: Mike Toma, Mloma@elabor.com 
a Chicago CTO Roundtable: John Adams, johnadams@coolsavings.com 











COMPUTERWORLD July 22, 2002 


Dear Career Adviser: 


MANAGEMENT 


I have a finance and computer science back- 
ground and several years’ experience working 
as a business analyst. I’m interested in working 
on an e-commerce initiative. What roles make 
sense for me? — E-INITIATIVE 


Dear e-Initiative: 

The investment and finance commu- 
nities have been hit hard this year eco- 
nomically. Companies in this market 
segment are interested in providing 
services that help retain customers, 
using the Internet as a channel to reach 
customers and providing intranets for 
customer service. 

“Many jobs require contact with the 
business users for design and analysis, 
plus the ability to talk to the technical 
folks who are actually doing the hard 
coding,” says Loretta Smith, a senior 
consultant for information architecture 
at T. Rowe Price Group Inc. in Balti- 
more. “Plus there are database and sys- 
tems development jobs.” Therefore, 
where you go from here depends in 
part on the role you want to play. 

If you want to remain an analyst, the 
key to being useful in this medium is 
having experience working with end 
users to decide the requirements and 
thinking about the designs that might 
solve a particular problem. You will 
also need to show that you understand 
the company’s business and demon- 
strate competency on issues regarding 
security, network traffic and databases. 

“At some point, someone has to send 
a SQL call for data, and that is where 
the rubber meets the road,” Smith says. 

Finally, you might have to apply for 
contracting, temp-to-perm or even op- 
erations jobs to get your foot in the 


Keep your skills 
updated by learning 
about upcoming 
releases and going 
to vendor Web sites. 





| dent at Lee Hecht Harri- 


door. In this environment, companies 
often want to look at you before they 
commit to a full-time relationship. 


Dear Career Adviser: 
I have worked in IT and finance 
in the New York area and am wonder- 
ing whether there has been any im- 


| provement in the market. If so, where? 


Also, are there any particular strategies 


| to generate more interest in my back- 
| ground? — EAST COAST ELLEN 


| Dear East Coast: 


Even companies with 
hiring freezes are still 
doing some hiring on the 
permanent side and a bit 
more on the consulting 
side because jobs still need 
to get done, says Jay Colan, 
a New York-based senior 
consultant and vice presi- 


son, a global outplacement 
firm. But you undoubtedly 
will need to do a lot to get 
yourself noticed and stay 
fresh in a tight market. 

If you haven't already, start network- 
ing. Contact people listed on company 
Web sites and on your college alumni 


| site. Also, attend events such as those 
| sponsored by the New York Software 


Industry Association (www.nysia.org) 


| or the New York New Media Associa- 
| tion (www.nynma.org). 


Then, work on your résumé. Ré- 
sumeés of senior people attract atten- 


tion if they highlight skills in enterprise 
systems, security and risk management. 


Junior people will stand out from the 
crowd if they have skills in desktop 


| support, security and LAN administra- 
| tion, says Colan. In addition, résumés 
| seem to get more hits if they feature 


qualifications such as the Microsoft 
Certified Systems Engineer and the 
Project Management Institute’s Project 
Management Professional certifica- 


FRAN QUITTEL is an expert 
in high-tech careers and 
recruitment. Send 
questions to her at 
www.computerworld.com/ 
career_adviser. 


ee | 
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tions. Keep your skills updated by 
learning about upcoming releases and 
going to vendor Web sites, where you 
can often find new client presentations 
and white papers. Since the early fall is 
when managers prepare and submit 
budgets, follow Colan’s advice: Don’t 
slack off even though it’s summer. 


Dear Career Adviser: 


I started in mainframe applications 
programming, working most recently 
as an applications developer in a cross- 


| platform development environment. I 


had a Y2k project but now need to think 
about revitalizing my technical career, 
perhaps by moving over to systems inte- 
gration and middle-tier development. 
What is the most logical route? 

— MAINFRAME TO THE MIDDLE 


Dear Middle: 


The market made two or three ad- 
vances while you were involved in 
your rewarding Y2k effort, and now 
you need to play catch-up with Java de- 
velopment and network 
computing architectures, 
says Paul Ryan, chief tech- 
nical officer at Overture 
Services Inc., a Pasadena, 
Calif.-based company that 
provides pay-for-perfor- 
mance search capabilities 
to Web sites. 

Essentially, you have a 
few choices. If you want 
to work on the latest en- 
terprise systems integra- 
tion projects, you must 
understand today’s plat- 
forms and “who is inte- 
grating what with what,” 
says Ryan. This demands, among other 
competencies, experience with appli- 
cation servers such as IBM’s Web- 
Sphere, BEA Systems Inc.’s WebLogic 
and Sun Microsystems Inc.’s iPlanet, as 
well as experience with Java 2 Enter- 
prise Edition, Enterprise JavaBeans 
and enterprise messaging and Art 
Technology Group Inc.’s Dynamo per- 
sonalization and commerce functional- 
ity product. 

Even if you have training and certi- 
fications under your belt, you'll be at 
a disadvantage at interviews if you 
don’t have hands-on experience with 
these newer architectures. But you 
can still impress a hiring manager 
by downloading applications from a 
Web site and building an application 
server environment, which will give 
you something substantial to demon- 
strate. D 





No kidding. CA is the first enterprise 
software company to attain gicbal 
ISO 9002 quality certification. But 
our commitment to quality doesn't 
end there. It extends into every prod- 
uct we make, and every customer 
relationship. After all, we didn’t get 
to be the long-standing world leader 
in eBusiness software for nothing. 
To find out more about how we make 
it easier to do business on your 
terms, or to hear from some of our 


customers, go to ca.com/innovation. 


Computer Associates™ 





4th Annual 





conrerence Mark Your Calendar 
ap Na recite he 
‘Award-Winning Enterprise Leaders! 


Exchange Practical Solutions and Ideas 
with Leading IT Executives 
Proving Gain expertise on the art of negotiating and creating 


} true partnerships with vendors. Profit from proven IT 
ELT asset procurement and management tips. 

























Integrating Acquire key strategies for application integration 
and learn the latest about .Net, Web services, mobile 
Technology and technologies, CRM and business intelligence software. 


STURT alee 


Securing sdatzwe Hear how leading users and suppliers are protecting the 
Enterprise enterprise from risks, assuring business continuity, secur- 
ir ing e-business and managing wireless access. 


Upg rading tdatzwe identify best practices to leverage data management, 
storage and network infrastructures. Master the evalua- 
IT Infrastructure tion of outsourcing deals and the use of service providers. 





ious honor, visit: 





For companies interested in sponsoring and exhibiting, contact your Computerworld sales executive, or Ann Harris at 508-820-8667. 
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IT CAREERS 


Oracle Project Leader — 
Southborough, MA 


Provide sp ized know 

to the Oracle Financial & Mi 

agement Program. Responsible 

for overseeing technical su; 

& services for the Oracle pro- 7 _ 

duction systems. Wi entity é FOUNDSTONE 
correct problems pilus 

software. Develop training mate- 

rial & develop project plans f 

the financial & manufact 


aga Sea Vice President of Product Development { 


Programmer working with O net dal r ls For 
tools. Applications expe » wigs 5 
must include D 

chain, financial ules & AOL 

Must have extensive knowledge 

of system methodologies for 

Oracle applicatic 

rience in integration 

applications with thirc 

applications, knowledge 

house management 

data warehouse, business 

objects & EDI is required. Job 

Code: OPL 


Interested: Please send resume 
job code & salary requirements 
to: HR Dept., Hon | Cor 
sumer Products, 250 Turnpike 
Road Southborough MA 
Fax: (508) 460-8056 mail 
sumMe.account @ honeywell.com 
Nn equal Opportunity iploye 


IT PROFESSIONALS NEEDED 

Programmer Analysts....Sys o TY ¥ 

a : MCINTYRE 

ment...Digital Equipment (India RIT EG pe BS 

Ltd. is a leading software ” ; 

pany with offices nat 

With Digital you will get 

Additional Compensation for re 

ferrals, and Professional Chal 

lenges with training and assign 

m keep you at the leadi 

edge of technolog 

people with the followin 

OS: Open VMS, NT/ 

2000, Tru 64Unix 
Nguages/Tools 

Dcom, Jav 

VB, VC++ 

CORBA, RMI 


Forms, ACM: 7 
Middleware: MSM XE SAP CONSULTANTS: Deve 


Sit RE Database: Oracle rvel mplem functional modules 
Sybase and Rdb as FI/CO, MM, SD, PP ABAP 


~ : Applications can be sent t amr , ; | 
NETWORK WORLD, Dighat Eauioonont neh bad PROGR ANALYSTS: Participate - fy SB ai teres, 
3 Sou preempt the inside track on 
all the hottest tech jobs, 


Shr ury, | Massachu ising cle 7/8,and/or Java 
DESIGN ENGINEERS ri 1 a a) (Ss £ 7 ik sae 


iT firm in Detroit,M! seeks to fill 
the following positions: 


COMPUTERWORLD, 01545 a 
1. Exper in design, implem, data 


Digital Equi 
igration, testing of PDM 
First Data C etaphase. ichill/Enovia 


Hep You Do Database Admini sens DICA “oe 


Quality Assurance Anal) ar in ICAD deve 
Rel Manager r sther KBE OO Systems, w/s 


ya B ETTER J (Oe) 3 Software Developer/Anal background in CAD/CAM/CAE 


and Intermediat: oftw 


AND INFOWORLD 


Now. Let Us HELP 
You GET:ONE. 


veloper. Database Adr i REQUIREMENTS 


hav 


omputer science. 
engineering. Software Quality 
Assura Ana must f 
two years related experience ir 
software quality a and 
a bachelor's or foreign equivalent 
in computer sci 
Manager must have t 
experience as a 
neer and a bachelor's ¢ 
equivalent in 


Must have B: 
CS, Mechanical or 
Adm, Finance or related field: & 


1 S exp in the req'd area 


Positions available in Detroit, Mi 
t client sites throughout 

ail resume to HR 

32255 Northwestern Highway. 
#248, Farmington Hills, Ml 48334 


Sd 


Orvnre Senior Software Developer/Ana The hottest job leads. you can’t 
at a lyst must have two years u . a find anywhere else are all right 


ware development experience 


and a bachelor’s oreign — . here. That*s—because Dice is all 
1-800-762-2977 eaphaian beceemyaais ealenes atabace Administrators sought tech jobs, all the time. Get the 


or related field. Interm t : } 
Software Deve 1 : de, test, and implement inside track on the best tech 
three years experience imple sical database. Design logical 5 r ei Bs 
menting and integrating cle NC cal databases. Manage jobs. Go to dice.com today. 


products. We have posi < and maintain database. 


the following areas: Mont 
n Fi Rock 
CA a0 east o> co Both positions require BS in | 
careers.com send your resume by mail Computer ce related major jag i. 


to: Norm Barnett, First Data related experience. Send 
Corporation, 6200 S. Quebec resume HR, World Trade Network, 
St., Greenwood Village, CC Inc. 5433 Westheimer, #200. 
80111, and refer to job #3963RA Houston, TX 77056. 


cwoz0722Ewmw 1 Computerworld * InfoWorld + Network World + July 22, 2002 





Systems Analyst- Analysis and 
definition of system requirements. 
Developing and writing the 
design specifications. Based on 
these specifications write pro- 
gram code in C, C++, Java, ASP, 
etc. using personal computers or 
SE rs. Responsible for testing. 
de ing, maintenance and 
mentation of the system 
ansible for designing, coding 

and implementing business to 
consumer ommerce application 
and bi to business e-com 
merce application using C++, 
Java and Net.Commerce. Must 
have d course work in 1 
Numerical analysis and compu- 
tational methods. 2. Database 
management systems.3. Data 
ation & Network 4 

and Computer Engi- 

Will accept MBA 

ut experience in lieu of 
elor's degree plus two 
years of work experience. The 
ation per year is 

0. 40 hours per week, 8 

PM, M-F, Norcross, GA 
Bachelors degree in Computer 
Science, Engineering or any field 
ence and experience in 

nent Designing and 

of Management Infor- 

mation Systems and e-commerce 
tions with two years of 
experience. Qualified individuals 
who meet the above requirements 
must report or send two resumes. 
to GA Department of Labor 
1535 Atkinson Rd. Lawrenceville 
GA 30043-5601 or the nearest 
department of Labor Field Service 
Office. Please refer to Gwinnett 

Job Order# GA 7098070 


Several computer related posi- 
tions available for international 
airline telecom and information 
services company. Degree, tech 
nical skills & experience vary per 
positions. Send resume tc 
Natasha Lyttie, SITA INC, 3100 
Cumberland Bivd., Ste. 200, At 
lanta, GA 30339 or jobs@ 


Sitacareers.com 


Applications Developer. Develop 
and implement web and intranet 
based s/ware apps using Oracle. 
SQL, Cold Fusion, Interdev 
DreamWeaver, and Flash. Bach 
elor degree in C.S. req'd, as is 
9 mos of exp in job off'd or 
a web-based programming 
position. Must have exp using 
SQL in a web-based environ 
Competitive Salary. Resumes to 
Dennis Hunter, Pratt Corporation 
Job #2489.02, 3001 E. 30th St 


E 
Indianapolis, IN 46218 


Software Engineers & Program: 
mers. Analyze, design, develop, 
test and implement specialized 
business apps. in Business 
Objects Ver 5 |, Web Intelligence 
and related Business Objects 
products, VB Script, Oracle and 
related RDBMS and related 
tools. US Workers only. Prevailing 
wage & benefits. Travel to client 
sites req'd. Contact Evelyn Logan, 
Sapphire Consulting, 8 Orange 
St., Edison, NJ 08817. EOE 


Call your 
ITcareers Sales 
Representative 

or Janis Crowley 


1-800-762-2977 


Software Programmer/Project 
Leader Lisle, |i Software 
programmer/project leader to 
work on records management 
system project, using Microsoft 
Delphi, Visual C++ and MS SQL 
7.0/200 based management sys- 
tem. Require to analyze system 
and business requirements and 
Gevelop software programs to 
meet them using Object-Orient- 
ed methodology. Must have 
Bachelor degree in science field 
1 yr experience as Software 
Prog./Project Leader 40 h/wk 
OT as needed 8-5 PM $60,00 
annual OT at OT rate. Applicants 
must show proof of legal authority 
to work in U.S. Send 2 cover letters 
and 2 resumes to 

ILLINOIS DEPARTMENT OF 
EMPLOYMENT SECURITY, 401 
South State Street — 7 North 

Chicago, IL 60605 Attn: Brenda 
Kelly, Ref.3 V-IL 31538-K AN 
EMPLOYER PAID AD. NO 
CALLS 


Seeking qualified applicants for 
the following position in Memphis. 
TN: Senior Programmer Analyst 
Formulate/define functional re- 
quirements and documentation 
based on accepted user criteria 
Requirements: bachelor's degree 
or equivalent” in computer science. 
MIS, computer systems engi- 
neering or related field plus 5 
years of experience in systems 
‘applications development. Ex- 
perience with client/server tech- 
nology or object-oriented analysis 
C, C++, Smalltalk, Visual Basic 
or Java; and CORBA also 
required. “Master's degree in 
appropriate field will offset 2 
years of general experience 
Submit resumes to Sibi George, 
FedEx Corporate Services 
1900 Summit Tower Bivd., Suite 
1400, Orlando, FL 32810. EOE 
M/F/D/V. 


Software Developer. Develop 
computer apps. s/ware and spe- 
cialized util. programs using 
OOD, RDBs, Network Security, 
QA, and internet apps. Masters 
degree in C.S., Eng'g or sim 
field req'd, as in 2ys of exp. ina 
s/ware devel. position. Competi 
tive Salary. Resumes to Kimber 
ly Miller, Dir. Of H.R., Rose- Hul 
man Institute of Technology, Job 
#1865.04, 5500 Wabash Av- 
enue, Terre Haute, IN 47803 


Software Engineers needed 
Senior level positions available 
for candidates possessing MS 
degree or equivalent and/or 
relevant work experience. 1 year 
of the experience must include 
working with Oracle and Devel- 
oper 2000. Work with the following: 
Oracle, PL/SQL, Developer 
2000 (forms 6i and Reports 6i) 
and Visual Basic. Mail resume 
references and salary require- 
ments to: Symbiosis International. 
3965 Okemos Road #B2 
Okernos, MI 48864 


TECHNICAL 

SBI is looking for the following 
positions for its offices in 
Houston, TX, San Francisco, CA. 
Warren, NJ, Salt Lake City, UT, 
and Portland, OR: Programmer 
Analysts, Technical Architects 
Graphic Designers, Business 
Strategists, Systems Analysts 
Software Eng. Resumes by email 
or fax only to B. Tognazzini, SBI 
and Company, 410 Townsend 
St.. San Francisco, CA 94107 
btognazzini@ sbiandcompany.co 
m; fax (415) 369-6822 


IT CAREERS 


Digeo seeks S/W Engr. for 
Kirkland, WA office. DESC 
Dsgn, dev, impi, & test multi 
tiered distrb. apps. to access 
data on local & remote RDBMS 
util, SQL, Java, C/C++, OO 
dsgn methodologies, Win, & Linux 
Unix o/s. Install, config, & deploy 
web & app. servers. REQ: BS in 
CS, Math, Engr, or Physics plus 
2 yrs exp. dsgn, dev, impl, & test 
RDBMS & rel. multi-tiered distrb. 
apps. util. SQL, Java, C/C++ 
OO dsgn methodologies, Win, & 
Linux/Unix o/s. Install, config, & 
deploy web & app. servers 
Prem. sal + bns & benes. Pis. 
reply to HR, Job # DI-103, 8815 
122nd AVE NE, Kirkland, WA 
98033. 


Pro Softnet Corporation has 
multiple openings at its Woodland 
Hills office, and unanticipated 
client sites throughout the U.S for 
the following postions: Software 
Engineers, Programmer Analyst 
Business Manager, Management 
Analyst. Mail resumes to : Pro 
Softnet Corp. 21300 Vicory Bivd. 
# 1230 Woodland Hills, CA 
913007 Attn R. Kulkarni Code 
P101 


Mphasis-BFL Ltd. and its subsidiary 
Mphasis Corporation has multiple 
Openings for the following positions 
at its offices in Santa Monica 
New York and unanticipated 
client sites throughout the 
U.S: Programmer Analyst, Software 
Engineer, Project Manager, 
Management Analyst,Sales 
Engineer, Business Development 
Manager, Finance Manager 
Please send resume and salary 
history to: hr@mphasis.com or 
mail to: HR 444 Park Avenue 
South, Suite #503, New York, NY 
10016 


Responsible for coding, design 
ing and re-engineering Web 
applications for clients. Write 
applications using C++ 
Rational Rose, UML and object 
oriented analysis and design 
Responsible for dealing with the 
business partners in gathering 
the requirements and creating 
specifications. Must have a 
Bachelor's degree in CS or for- 
eign degree equivalent. Must 
have 1 yrs of exp. in job offered 
Salary Competitive: Send 
resume to: Raj Shekaran 
Software Research Assoc. 70 
Mansell Ct. Ste. 100 Roswell 
GA 30076. 


SYSTEMS ARCHITECT to serve 
as chief architect for major client 
server projects using a CASE 
Life Cycie Methodology. Serve as 
a CASE Administrator, providing 
overall troubleshooting solutions 
in an ORACLE development 
environment. Provide systems 
architectural solutions applications 
development in a Client Server 
Environment. Conduct design 
and development peer reviews 
for quality assurance. Mentor 
overall development standards 
with application teams and leads. 
Provide directional support for 
DBA.Production Control in the 
areas of performance evaluation 
and tuning. Also act as backup 
DBA. Require B.S. degree in 
Computer Science and 5 years 
experience in the job offered 
or 5 years related experience 
as Systems Analyst, Software 
Consultant and/or Software Pro- 
grammer. Work experience must 
include 5 years of experience in 
an ORACLE CASE environment. 
40 hrs/8:00 a.m. to 5:00 p.m 
$83,200 per year. send resumes 
to MDCD/ESA, P.O. Box 11170, 
Detroit, Mi 48202. Ref. No 
202155. Employer paid ad. 


Software Engineer: 40hr/wk, 
8am-5pm, $60,209/yr. Min. 
Requ-M.S. in Computer Science 
or related. Develop the Net Event 
Report system using data 
generated from OPENVIEW 
system; object-oriented design 
using C/C++, UNIX, AIX600, 
AS/400, Java, and HTML; create 
Net Event Report Data Base 
in Oracle; generate different 
reports using CGI, network 
management using Oracle-web, 
HP-Unix, Perl and CGI; data- 
base transfer using Visual Basic 
3 yr above exp. or in related 
occupation: Programmer/Analyst 
“Employer Paid Ad”. Contact 
MDCD/ESA, P.O. Box 11170, 
Detroit, Mi 48202, Ref. # No 
202404 


PROGRAMMER ANALYSTS 
wanted by software consulting 
co. in Houston, TX. Must have 
degree and exp. Respond by 
resume to: Mr. B. Hilton, R/T#10 
Connective Technologies, Inc 
7676 Hilimont St., Ste 120, 


Houston, TX 77040 


PROGRAMMER ANALYST 
wanted by computer consulting 
firm from Sugar Land, TX. Must 
have Computer Science degree 
and exp. Respond by resume 
only to: Ms. B. Nelson, Recruiter 
J/K, Digital Consulting & Soft 
ware Services, One Sugar 
Creek Center Bivd., Ste. #500, 


Sugar Land, TX 77478 


Asst Vice Pres. (Los Gatos, CA) 
Manage ail bus. for sale of Active 
Matrix Liquid Crystal Display 
technology in Japan & Asia 
Oversee dev. of bus. plans, 
policies, & aims to improve mrkt 
position & share. Apply bus./en- 
g’g principles to rel'ship of Kopin 
& our clients. Travel to bus. 
territory. Qualify with BS, EE or 
rel. area, 5 yrs exp in job or 5 yrs 
in eng’g sales & mktg. Send 2 
resumes to: NP, Kopin Corp. 

695 Myles Standish Bivd 
Taunton, MA 02780, an EOE 


COMPUTER PROFESSIONALS 
Opportunities for 


¢ WEB ARCHITECTS, 
DEVELOPERS 

* SYSTEMS ANALYSTS 

* WEB GRAPHIC DESIGNERS 

* NETWORK ENGINEERS 

* PROGRAMMER/ANALYSTS 

* SOFTWARE ENGINEERS 


SKILLS 


* COLD FUSION * SPECTRA 
* ORACLE * VISUAL BASIC 
* VISUAL C++ * SIEBEL « ASP 
* COM, DCOM « JSP * HTML 
* JAVA, JAVA BEAN * EJB JAVA 
SERVLETS * WEBSPHERE 
* IBM MQ SERIES « XML, UML 
*MTS « CLARIFY * PERL 
*OBJECTPERL + SPYPERL 
* SMALLTALK * PL/SQL 

* VISUAL AGE * COBOL, SPL 
UNIX 


Visit our website @ 
www.computerhorizons.com 


Attractive salaries and benefits. 
Please forward your resume tc 

H.R. Mgr., Computer Horizons 
Corp. 49 Old Bloomfield Avenue. 
Mountain Lakes, New Jersey 
07046-1495. Call 973-299-4000. 
E-mail: jobs @ computerhorizons. 
com. An Equal Opportunity Em 
ployer M/F. 


DIRECTOR OF TECHNOLOGY- 
Interior Construction Company 
seeks Director of Technology 
with the following responsibilities. 
Oversee a network of 100 work- 
Stations, 15 servers & a tech 
staff of 2 programmer analysts & 
5 network technicians; design & 
build construction information 
system & integrate w/existing 
legacy accounting system; 
integrate existing construction 
technology with AIA standard 
processes to streamline the 
work processes. Successful 
candidate will have a Bachelor's 
degree in Computer Science or 
Civil Engineering, & 1 y exp. in 
job duties or 1 yr. exp. as Civil 
Engineer. Experience in DB 
programming, Drywall technolo- 
gies & processes & NT networks 
a must. Mail resume to Component 
Assembly Systems, 620 Fifth 
Ave., Pelham, NY 10803, Attn 
John Rapaport 


Sr. Software Engineer: Chariotte, 
N.C. Full-Time. To review, analyze 
and modify programming sys- 
tems as well as develop Java, 
EJB, JSP and XML, conduct unit 
and integration testing, document, 
produce SQL, integrate with 
hardware group and have profi- 
ciency in various Servers. B.S. 
in Engineering or academic 
equivalent in engineering or 
related occupation plus 5 years 
of progressive experience in 
Engineering is required. Fax 
resumes to R. Brinson (704) 
510-0408 


Programmer Analyst needed by 
GA based IT firm. req'd skills 
Websphere Commerce Suite, 
Websphere Application Server, 
OOAD, RUP, Java, C, C++, 
UML. Send Resumes to HR 
Dept, Objects On Net, Inc 
110 Commerce Dr, Suite 111 


Fayetteville, GA- 30124 


Software Engineers, Atlanta 
Develop, support & enhance web 
based collaborative software 
tools in Unix & NT environ & in- 
tegrate legacy sys. using Java 
XML, DHTML, DCOM, EJB, JSP, 
Serviets, OOD-OOP. Req. BS in 
HCI, 1 yr development exp & 
knowledge of J2EE, EJB, 
Serviet and JSP. Fax resume: L 
Anderson, MediaOcean, 404 
885-9949 


Noetix seeks Sr. S/W Engr. for 
HO office in Bellevue, WA. DESC 
Lead team of developers & 
engrs. Arch, dsgn, dev, & test 
corp. |S, RDBMS, servers & rel 
web apps. util. SQL, C++, OO 
dsgn & prog, COM/DCOM. 
ODBC, MFC, Win & Unix o/s 
REQ: BS in Engr, CS, Phys, or 
Math + 5 yrs. exp. dsgn, dev, & 
testing ROBMS & rel. apps. util 
SQL, C++, OO dsgn & prog, Win 
& Unix o/s. Plus 1 yr. exp. dsgn & 
dev. web apps. util. COM/DCOM. 
ODBC & MFC. Prem. sal. + 
benes. Pls. reply to J. Hubbs, Job 
#NC-106, 2229-112th Ave NE 
Ste. 200, Bellevue, WA 98004 


Computerworld * InfoWorld » Network World + July 22, 2002 
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where the best ge! better 
1-800-762-2877 


IT careers.com 


Managing Systems Engineer 
manage, direct and oversee the 
sale of software products based 
on his technical knowledge of 
software system and develop- 
ment. Hire, fire, and train sales 
engineers and other technical 
Staff. Create sales strategies. Su- 
pervise and assist in the devel- 
opment of software products, as 
weil as maintenance and techni- 
cal support for such products. 
Req. Bachelor's Degree in Busi 
ness, Economics, or MIS with 2 
years exp. in job offered or IT 
Manager. Must have ability to in- 
stall CICS, VTAM and IMS. Must 
be proficient in setting up TCP/IP. 
$100K/yr, 40hr/wk, 9-5. Send re- 
sume to Beta Systems Software, 
Inc. at 10 Eastbrook Bend, Suite 
101, Peachtree City, GA 30269 


Software Engineer wanted by 
Noriden Corp. in Piscataway, NJ. 
Must have a Master's degree 
in computer science or related 
fields with at least two years 
experience in developing trading 
systems. Job duties inciude 
designing and developing archi- 
tecture for trading systems using 
object-oriented technology and 
various software development 
tools, and developing and 
implementing high performance 
applications using various data 
communication protocols, stan. 
dards and equipment. Must have 
Fixed Income and equity deriva- 
tives knowledge, strong math 
background and quantitative 
skills. Please send resume to 
www.noriden.com 








careers.com 


SOFTWARE ENGINEER 


Software engineer to design 
develop and test computer pro. 
grams for business applications; 
analyze software requirements 
to determine feasibility of design. 
direct software system testing 
procedures using expertise in 
Tuxedo, JDeveloper, Oracle 8.0 
and JBuilder. Requirements 


jachelor's Degree or equivaient 
in Computer Science or related 
field and two years experience 
as a software engineer or com 
puter programmer, knowledge of 
Tuxedo, JDeveloper, Oracle 8.0 
and JBuilder. Salary: $70,000 
year. Working Conditions: 8:00 
A.M. to 5:00 PM., 40 hours 
week, involves extens 

and frequent relocation. Apply 
Manager, Butler County Career 
112 Hollywood Drive, Suite 101 
Butler, PA 16001, Job No. 
WEB259773. 


Programmer Analysts-Experience 
with ERP/CRM, ORACLE apps 
PowerBuilder, MS SQL Server 
DBA, JAVA, ASP, Network Engi 
neers Employer is a computer 
consulting company. Relocation 
required. Send resume to: Dan 
Wilson, APOGEE SOFTWARE 
SYSTEMS, PBM 254, PO Box 


2800, Carefree, AZ 85377 


Vice President 
of Research & 
Development 


Forward resume to: 
e4eNet, 

Attn: Michele Monast, 
300 Crown Colony Drive, 
Quincy, MA 02169; 

Fax: 617-376-8825; 
E-mail: jobs@e4enet.com 


www.e4enet.com 


A Taesicer) 
e)Ymanle)e—) 
hiring 
managers 
than any 
IT space 
in the 
world. 


Melee) 


SOFTWARE ENGINEER 


Software engineer to design 
develop and test computer pro- 
grams for business applications: 
analyze software requirements 
to determine feasibility of design 
dire software system testing 
procedures using expertise in 
EJB, Oracle 8i, JBuilder 4.0 and 
CORBA. Requirements: Bache 
lor's De e or equivalent in 
Compu! Science or related 
field and two years experience 
as a software engineer or com 
puter programmer, knowledge 
of EJB, Oracle 8i, JBuilder 4.0 
and CORBA. Salary: $66,000 
year. Working Conditions: 8:00 
A.M. to 5:00 P.M., 40 hours 
week, involves extensive travel 
and frequent relocatior 
Manager, Armstrong yunty 
Team PA CareeLink, 1270 Nor 
Water Street, PO Box 
Kittanning, PA 16201, J 
WEB259792 


FTWARE ENGINEER 


Software engineer to design 
develop and test computer pro- 
grams for business applications; 
analyze software requirements 
to determine feasibility of design 
direct software system testing 
procedures using expertise in 
EJB, Oracle 8i, JBuilder 4.0 
and CORBA. Requirements 
Bachelor's Degree or equivalent 
i Computer Science or related 
field and two years experience 
as a software engineer or com 
puter programmer, knowledge 
of EJB, Oracle 8i, JBuilder 4.0 
and CORBA. Salary: $66,000 
year. Working Conditions: 8:00 
A.M. to 5:00 PM., 40 hours 
week, involves extensive travel 
and frequent relocation. Apply 
JS Supervisor, Green County 
Team PA CareerLink, 4 West 
High Street, Waynesburg, PA 
15370, Job No. WEB259782 


SOFTWARE ENGINEER 


ftware engineer to design 
develop and test computer pro- 
grams for business applications. 
analyze software requirements 
to determine feasibility of design 
direct software system testing 
pre jures using expertise in 
JSP, Oracle, XML and Weblogic 
6.1. Requirements: Bacr 
Degree or equivalent in Com 
puter sience or related field 
and two years experience as a 
software engineer or computer 
programmer, knowledge of JSP. 
Oracle, XML and Webiogic 6.1 
Salary: $66,000/year. Working 
Conditions: 8:00 A.M. to 5:00 
P.M., 40 hours/week, involves 
extensive travel and frequent re- 
location. Apply: Manager, West 
moreland County CareerLink 
300 East Hillis St., Youngwoo 
PA 15697, Job No. WEB259 
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SOFTWARE ENGINEER 


Software engineer to design 
develop and test computer pro: 
grams for business applications: 
analyze software requirements 
to determine feasibility of design 
direct software system testing 
procedures using expertise in 
ASP.NET, SQL Server 2000, C# 
and ADO.NET. Requirements: 
Bachelor's Degree or equivalent 
in Computer Science or related 
field and two years experience 
as a software engineer or com 
puter programmer, knowledge of 
ASP.NET, SQL Server 2000, C# 
and ADO.NET. Salary: $75,000 
year. Working Conditions: 8:00 
A.M. to 5:00 PM., 40 hours 
week, involves extensive travel 
and frequent relocation. Apply 
Manager, Beaver Courity Team 
PA CareerLink, 2103 Ninth 
Avenue, Beaver Falls,PA 15010. 
Job No. WEB259800 


tandard Template n 
++, Java, XML, ActiveX, COM 
HTML, Visual Basic, Assembly & 
c 40 hrs/wk. Send resume to 
ry Dikman, EPAm Software 
Consultants, Inc., 139 Roy Lane. 
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Continued from page 1 


Benchmark 


profit end-user group. 

End users say such bench- 
marks are a big help. 

“They save us a heck of a lot 
of time,” said John Walsh, vice 
president of information secu- 
rity at Allfirst Financial Inc. in 
Baltimore. He uses security 
benchmarks to configure hun- 
dreds of servers. “They are ac- 
cepted industrywide as a good 
place to start when building a 
secure system,” Walsh said. “I 
think there is a lot of value in 
them.” 

But the benchmark’s backers 
also hope that its broad-based 
support can be used to send a 


enabled 


Cr 


premises 


No PBX 


Lier) 
Clas 


E: IN 


eeeecsees 


ERNA 


message to vendors about the 
need for strong security before 
products are shipped. 

“We want to use the power 
of a user consensus to influ- 
ence the vendors and [original 
equipment manufacturers] to 
secure these systems before 
they ever ship them, at least to 
a minimal level,” said Clint 
Kreitner, president and CEO of 
Bethesda, Md.-based CIS. 

If vendors put in security 
settings before products are 
shipped, “we can install it and 
run it, rather than go through 
another process,” said John 
Gilligan, CIO of the U.S. Air 
Force. Today, military IT pro- 
fessionals must configure and 
test security settings before 
| deploying each workstation, 
| he said. 
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But even if vendors shipped 
systems meeting benchmark 


| standards, Walsh said it would 


not stop him from verifying it. 
He compared it to a military 
job he had many years ago as a 
parachute rigger. “I implicitly 
trusted the people I worked 
with, but I only jumped with 
my own chute,” he said. 

The benchmark gives users a 
“preflight checklist” of securi- 
ty settings. Administrators can 


| use the baseline standard to 


configure 


before 
rolling them out to users. 

The Windows 2000 bench- 
mark grew out of benchmarks 


systems 


developed by various federal 


agencies, but it was also based 


| on a Microsoft Corp. security 


template, said Steve Lipner, di- 
rector of security assurance at 


CANADIAN POSTMASTE 


| Microsoft. The Windows 2000 


benchmark provides detail, not 
; fundamental changes, to Mi- 
| crosoft security practices, Lip- 
| ner said. The company also 
| worked on the benchmark. 

| The Windows 2000 security 


| 2° 
settings are set at “moderate 


sure applications won’t break, 
| said Lipner. Preconfiguring 
PCs with Windows bench- 
| marks before they’re shipped 
would be something vendors 
| could ultimately do, he said. 
|  Microsoft’s efforts to beef up 

security won praise from 
| Richard Clarke, special adviser 
to the president on cyberspace 
security, who also called the 
| private- and public-sector col- 


| 
| 
| 
| 


things should be done.” D 


| Continued from page I 


WorldCom 


| “I don’t think many people 


| levels and set in a way to en- | 


laboration “an example of how | 


will buy it” while WorldCom’s | 


financial situation is unsettled, 
said Zeus Kerravala, an analyst 
at The Yankee Group. 

Analyst Kate Gerwig at Cur- 
rent Analysis Inc. in Sterling, 
Va., agreed, saying customers 
trust the WorldCom 
| brand for some time. She sug- 

gested it would be better to roll 

out the service after World- 

Com pares its operations and 

rights its financial ship. 

David Willis, an analyst at 
Meta Group Inc., said World- 
Com has invested heavily in 
Session Initiated Protocol tech- 


won't 


| nology, which bridges the gap 
between circuit-switched and 


posed to be launched in June, 


that the VOIP market is on the 


| stating that “circuit-switched 
networks are now too expen- 
sive to operate” and IP-based 





Pa. 17601, (717) 399-1900, Ext. 124. 
$68 per year: Canada - STO per year: Cer 


| packet-based networks, and it | 
| has been building toward a full | 
VOIP offering. “It was sup- | 


but they got distracted,” he said. | 
The internal documents con- 


vey the company’s conviction | 


verge of large-scale adoption, | 


The Center for internet Secu- 
rity’s benchmarks in develop- 
ment include: 

wiBM's AIX 

w Apache Web Server 

= Cisco Pix Firewall, 


= Windows IIS Web Server 


CIS benchmarks already 
released include: 

= Sun Solaris 

aw Linux 

mw HP-UX 

= Cisco IOS router 

= Windows 2000, NT 


The benchmarks are available at 
www.cisecurity.org.|jhoi 


phone calls will become the 
norm in the next five years. 

The service is designed to 
work with all handsets and 
networking gear. Its ultimate 
goal is to replace traditional 
telephony systems, eliminating 
the difference between local 
and long-distance calls while 
making applications such as 
unified messaging part of an 
enterprise’s core communica- 
tions infrastructure. 

Kerravala cautioned that 
many users lack the LANs to 
support VOIP traffic and that 
many remain doubtful that IP 
telephony will achieve the 
sound quality and secure com- 
munications traditional 
telephone network. 

“There’s a perception of risk 
associated with it, and I’m not 
even talking about the World- 
Com risk,” Willis said. “It’s a 
bit premature to expect cus- 
tomers to flock to this type of 
offering.” D 


of a 


Reporter Marc L. Songini 
contributed to this story. 


Competitors AT&T and SBC are already 
proceeding with IP telephony 


e QuickLink: 31511 
computerworld.com 
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Security? No — Costs 


COMPANY CALLED Serena Software Inc. has been try- 

ing to sell me on the idea that software configuration 

management is an important security tool in these days | 

of terrorist dread. The idea is that somebody inside 

or outside your organization could sabotage critical 
source code, and without a good configuration management system, 
you’d never know until it was too late. 

Of course, Serena makes pricey, high-end configuration manage- 
ment tools, so it’s not exactly an impartial observer. But security 
does matter, and so does good configuration management. 

So, will fear of sabotage get corporate IT shops looking at their 


configuration management needs anytime 
soon? Probably not. 

After all, how likely is that kind of source- 
code sabotage in most IT shops? Why would 
somebody go to the trouble of corrupting a Web 
store’s source code, when a buffer overflow at- 
tack is so much easier? Why attack any custom 
application, when the real damage would be mi- 
nuscule compared with a conventional terrorist 
attack? It’s not a credible threat. 

No, fear of sabotage probably won’t put con- 
figuration management on your agenda. Neither 
will fear of a business catastrophe caused by a 
new application that doesn’t work and can’t be 
rolled back. And fear of confusion and chaos in 
your software development projects won’t do it. 
Most of us have lived with that for years. 

Right now, just one thing will make us look 
hard at beefing up our configuration management 
systems: the possibility that it will cut costs. 

And that doesn’t look likely, does it? These 
big-deal configuration management systems — 
the kind sold by Serena and IBM and Computer 
Associates and Compuware and Rational Soft- 
ware — cost a bundle. They’re a lot of work to 
set up so that all of your mainframe 
and server and PC and Web code is 
tracked by the system. They require 
training and time and discipline. 

All that translates into money 
spent, not money saved. And unless 
you need it to get ISO 9000 certifi- 
cation or to nail down a defense 
contract, why even think about con- 
figuration management now? 

Why? Because you can’t cut costs 
if you don’t know what you’ve got. 

You can’t streamline software de- 
velopment if your Web developers 
and mainframe programmers are 


| 
| 
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duplicating one another’s work. You can’t sim- 
plify transactions and shorten processes with a 
patchwork of ad hoc, outdated, single-project 
configuration management tools. You can’t even 
see the opportunities to cut costs. 

Until just recently, that didn’t matter, because 
we weren't worrying much about costs. During 
the Internet boom, we had plenty of money and 
bodies to throw at every problem. We made 
things up as we went along, mixing and match- 
ing desktop software and back-end systems and 
Web sites, repurposing mainframes as servers 
and applications as Web pages, turning our cus- 
tomers into users. 

OK, so we reinvented lots of wheels and ended 
up with lots of mystery code, but wees was 


or sami what we had. We were iain in 
Internet time, all the rules were broken, and 
chaos was our friend. 

Now the party’s over. Money and bodies are 
in short supply, and to make the most of what 
we've got, we need to know what we’ve got. We 
can’t afford the luxury of chaos now — and 
we'll likely never be able to afford it again. 

Maybe we won’t implement state- 
of-the-art enterprise configuration 
management this year — this is 
pricey stuff, after all, and it’s the 
worst possible time to try to come 
up with the money. 

But soon we will. If we really 
want to squeeze the most out of our 
software assets, we have no choice. 

Because in the long run, if we 
manage our software development 
better at an enterprise level, we will 


reduce risks and, yes, improve secu- 
rity, too. D 


cut costs — and speed development, 





USER complains to help desk 
pilot fish that he updated a file, 
but when he reopened it the next 
day, his changes were gone. 
“Are you sure,” he asks, “that the 
backup tape isn’t back-filling 
overnight and replacing the file 
from the previous day?” 


IT MANAGER pilot fish is 
brought in late in the game on a 
document-scanning project to 
digitize a million pages for a 
state permit department. Fish 
notices the vendor's license 
specifies that it can scan only 
25,000 pages per month and 
does the math - it'll take 40 
months. Why are you planning to 
spend almost four years to do 
this? he asks permit technician. 
Baffled technician replies, “Why 
do you think it'll take four years?” 


WHEN USERS at a remote site 
can't connect to the company’s 
servers, pilot fish scrambles to 
rewire connections to the line- 
of-sight antenna that links the 
remote site. Fish has just started 
working inside the wiring cabinet 
when a maintenance guy asks, 
“Should the UPS over here be 
beeping?” Sure enough, that's 
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the UPS the antenna is plugged 
into. “I had to shut the breaker 
off yesterday,” the maintenance 
guy says. “That didn’t cause any 
problems, did it?” 


BLOWING the dust out of his 
mouse didn't solve the problem, 
user tells help desk pilot fish. But 
he did take a good look around 
while dusting its innards. “Could 
the problem be that the felt is 
wearing off the wheels inside the 
mouse?” he asks. “That's not 
felt,” fish sighs. “That's just dirt 
that’s built up.” 


AFTER A power outage, user 
calls network engineer pilot fish 
to complain he can't access a 
small file server that fish knows 
isn't on a UPS. “Is the server 
powered on?” fish asks. User 
checks. “It's not on,” he says. 
“Should we power it up?” 


Hey, power me up: sharky@ 
computerworld.com. You get 
a snazzy Shark shirt if we use 
your true tale of IT life. And 
check out the daily feed, browse 
the Sharkives and sign up for 
Shark Tank home delivery at 
computerworld.com/sharky. 
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“Here’s a little tip on oan that gou 
won't find in the manual.” 
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Storage in every size and width. 

The difference between winning and losing is a little thing called 
“storage: And the winning play is integrated storage solutions. Why? 
Hardware and software that work together speed implementation, 
let you maximize your current infrastructure investments, and help 
reduce risk. IBM TotalStorage” solutions are complete, cross-platform 
storage offerings that cover storage networking, disk, tape, software 
and services. Bent on winning? Find out where you can test-drive 


any IBM storage solution at ibm.cem/totalstorage/solutions 
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